CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-26 21:52:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
efebdd4f2d72a3494ec92163e9e88e00a3646b8a
CVEs-PoC/2021/CVE-2021-4455.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

18 lines
922 B
Markdown
Raw Blame History

### [CVE-2021-4455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4455)
![](https://img.shields.io/static/v1?label=Product&message=Wordpress%20Plugin%20Smart%20Product%20Review&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brightgreen)
### Description
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
### POC
#### Reference
- https://www.exploit-db.com/exploits/50533
#### Github
- https://github.com/ARPSyndicate/cve-scores
Reference in New Issue View Git Blame Copy Permalink