CVE-2021-42362

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-42362

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42362.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-42362

Published

2021-11-17T18:15:08Z

Modified

2025-04-28T03:15:04.852478Z

Summary

[none]

Details

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.

References

Affected packages

Git / github.com/cabrerahector/wordpress-popular-posts

Affected ranges

Type: GIT
Repo: https://github.com/cabrerahector/wordpress-popular-posts
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d9b274cf6812eb446e4103cb18f69897ec6fe601

Fixed

d9b274cf6812eb446e4103cb18f69897ec6fe601

Affected versions

2.*

2.3.6

2.3.7

3.*

3.0.0

3.0.0-alpha-1

3.0.0-alpha-2

3.0.0-alpha-3

3.0.0-alpha-4

3.0.0-alpha-5

3.0.0-beta-1

3.0.0-beta-2

3.0.1

3.0.2

3.0.2-beta-1

3.0.3

3.0.4-beta-1

3.0.4-beta-2

3.0.4-beta-3

3.0.4-beta-4

3.0.4-beta-5

3.1.0

3.1.0-beta-1

3.1.0-beta-2

3.1.0-beta-3

3.1.1

3.1.1-beta-1

3.1.1-beta-2

3.1.2-beta-1

3.2.0

3.2.0-beta-1

3.2.0-beta-2

3.2.1

3.2.2

3.2.2-beta-1

3.2.2-beta-2

3.2.2-beta-3

3.2.3

3.2.3-beta-1

3.2.3-beta-2

3.2.3-beta-3

3.3.0

3.3.0-beta-1

3.3.1

3.3.2

3.3.2-beta-1

3.3.3

3.3.4

3.3.4-final

4.*

4.0.0

4.0.1

4.0.1-beta-1

4.0.1-beta-2

4.0.10

4.0.11

4.0.12

4.0.13

4.0.2

4.0.3

4.0.5

4.0.6

4.0.7-beta-1

4.0.7-beta-2

4.0.7-beta-3

4.0.7-beta-4

4.0.8

4.0.9

4.1.0

4.1.1

4.1.2

4.2.0

4.2.1

4.2.2

5.*

5.0.0

5.0.1

5.0.1-beta-1

5.0.2

5.1.0

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.3.0

5.3.1

5.3.2