WordPress Plugin Vulnerabilities

WordPress Popular Posts < 5.3.3 - Authenticated Code Injection

Description

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 5.3.3: "When thumbnails settings are set to 'Custom field name' and 'Resize image from Custom field' (they aren’t by default), a user with contributor role or above can bypass the file type verification, download a remote PHP script to the server and execute it."

Affects Plugins

Plugin icon
wordpress-popular-posts
Fixed in 5.3.3

References

CVE
CVE-2021-42362
Exploitdb
50129
URL
https://plugins.trac.wordpress.org/changeset/2542638
URL
https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
8.5 (high)

Miscellaneous

Original Researcher
Jerome Bruandet (NinTechNet)
Verified
Yes
WPVDB ID
bd4f157c-a3d7-4535-a587-0102ba4e3009

Timeline

Publicly Published
2021-06-07 (about 2 years ago)
Added
2021-06-07 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
DZS Video Gallery - upload.php File Upload Remote Code Execution
Published
2014-09-16
Title
WordPress 3.9 & 3.9.1 Unlikely Code Execution
Published
2014-08-01
Title
WP Business intelligence lite < 1.1 - Remote Code Execution Exploit
Published
2014-08-01
Title
WP-Super-Cache 1.3 - Remote Code Execution
Published
2022-10-03
Title
Bricks Builder < 1.5.4 - Subscriber+ Remote Code Execution