Lucene search

[email protected]NVD:CVE-2021-24123

HistoryMar 18, 2021 - 3:15 p.m.

CVE-2021-24123

2021-03-1815:15:13

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file upload

powerpress

wordpress plugin

version 8.3.8

feed images

podcast artwork

high privilege accounts

rce

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.4%

JSON

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.

Affected configurations

Nvd

Node

blubrrypowerpressRange<8.3.8wordpress

VendorProductVersionCPE
blubrrypowerpress*cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
blubrry	powerpress	*	cpe:2.3:a:blubrry:powerpress::::::wordpress::*

References

wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.4%

JSON

Related for NVD:CVE-2021-24123

cvelist1 prion1 wpvulndb1 wpexploit1 cve1