WordPress Plugin Vulnerabilities

Recently < 3.0.5 - Authenticated Code Injection

Description

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 3.0.5

Affects Plugins

Plugin icon
recently
Fixed in 3.0.5

References

CVE
CVE-2021-4382
URL
https://plugins.trac.wordpress.org/changeset/2542693

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Jerome Bruandet (NinTechNet)
Verified
Yes
WPVDB ID
92c3f26a-1a84-459a-874b-07dc83c9f42a

Timeline

Publicly Published
2021-06-07 (about 2 years ago)
Added
2021-06-07 (about 2 years ago)
Last Updated
2023-06-08 (about 10 months ago)

Other

Published
Title
Published
2020-01-02
Title
ElegantThemes (Divi, Extra, divi-builder < 4.0.10) - Authenticated Code Injection
Published
2018-05-18
Title
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
Published
2023-11-21
Title
WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE
Published
2024-02-14
Title
Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution
Published
2021-06-07
Title
WordPress Popular Posts < 5.3.3 - Authenticated Code Injection