QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24123

Published: Mar 18, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.

Vendor	Product	Versions
Unknown	PowerPress	affected `8.3.8 - < 8.3.8`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.