Input validation

2023-06-0702:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

plugin

arbitrary file upload

vulnerability

remote code execution

nvd

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

CPENameOperatorVersion
recentlylt3.0.5

CPE	Name	Operator	Version
	recently	lt	3.0.5

References

plugins.trac.wordpress.org/changeset/2542693

wpscan.com/vulnerability/92c3f26a-1a84-459a-874b-07dc83c9f42a

www.acunetix.com/vulnerabilities/web/wordpress-plugin-recently-multiple-vulnerabilities-3-0-4/

www.wordfence.com/threat-intel/vulnerabilities/id/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=cve