CVE-2021-34624
ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .
Una vulnerabilidad en el componente de carga de archivos encontrada en el archivo ~/src/Classes/FileUploader.php del plugin ProfilePress de WordPress permite a usuarios cargar archivos arbitrarios durante el registro del usuario o durante la actualizaciĆ³n del perfil. Este problema afecta a las versiones 3.0.0 - 3.1.3
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2021-06-10 CVE Reserved
- 2021-06-28 CVE Published
- 2024-10-15 CVE Updated
- 2024-10-15 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin | 2024-10-15 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Properfraction Search vendor "Properfraction" | Profilepress Search vendor "Properfraction" for product "Profilepress" | >= 3.0.0 <= 3.1.3 Search vendor "Properfraction" for product "Profilepress" and version " >= 3.0.0 <= 3.1.3" | wordpress |
Affected
|