CVE-2021-42362 - OpenCVE

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wordpress Popular Posts Project	Wordpress Popular Posts

Configuration 1 [-]

cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:*:*:*:*:*:wordpress:*:*

References

Link	Resource
http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/	Exploit Third Party Advisory
https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601
https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php	Patch Third Party Advisory
https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009	Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-11-12T00:00:00

Updated: 2023-11-21T23:31:19.797Z

Reserved: 2021-10-14T00:00:00

Link: CVE-2021-42362

JSON object: View

NVD Information

Status : Modified

Published: 2021-11-17T18:15:08.297

Modified: 2023-11-22T00:15:07.070

Link: CVE-2021-42362

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WordPress Popular Posts", "vendor": "WordPress Popular Posts", "versions": [{"lessThanOrEqual": "5.3.2", "status": "affected", "version": "0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Original Researcher: Jerome Bruandet, NinTechNet Exploit Author: Simone Cristofaro"}], "datePublic": "2021-11-12T05:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.</p>"}], "value": "The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-11-21T23:31:19.797Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php"}, {"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html"}, {"tags": ["patch"], "url": "https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update to version 5.3.3 or newer. </p>"}], "value": "Update to version 5.3.3 or newer. \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Wordfence", "ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-11-12T13:26:00.000Z", "ID": "CVE-2021-42362", "STATE": "PUBLIC", "TITLE": "WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WordPress Popular Posts", "version": {"version_data": [{"version_affected": "<=", "version_name": "5.3.2", "version_value": "5.3.2"}]}}]}, "vendor_name": "WordPress Popular Posts"}]}}, "credit": [{"lang": "eng", "value": "Original Researcher: Jerome Bruandet, NinTechNet Exploit Author: Simone Cristofaro"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": "8.8", "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]}, "references": {"reference_data": [{"name": "https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/", "refsource": "MISC", "url": "https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/"}, {"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362", "refsource": "MISC", "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362"}, {"name": "https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php"}, {"name": "https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009"}, {"name": "http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html"}]}, "solution": [{"lang": "en", "value": "Update to version 5.3.3 or newer. "}], "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-42362", "datePublished": "2021-11-12T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2023-11-21T23:31:19.797Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FEC317D4-B717-4E9E-B3E0-0E719E80E25B", "versionEndIncluding": "5.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.\n\n"}, {"lang": "es", "value": "El plugin Popular Posts de WordPress es vulnerable a una carga de archivos arbitrarios debido a la insuficiente comprobaci\u00f3n del tipo de archivo de entrada encontrada en el archivo ~/src/Image.php que hace posible que atacantes con acceso de nivel de colaborador y superior carguen archivos maliciosos que pueden ser usados para obtener una ejecuci\u00f3n de c\u00f3digo remota, en versiones hasta la 5.3.2 incluy\u00e9ndola"}], "id": "CVE-2021-42362", "lastModified": "2023-11-22T00:15:07.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2021-11-17T18:15:08.297", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html"}, {"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/"}, {"source": "security@wordfence.com", "url": "https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601"}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Primary"}]}