High severity8.8NVD Advisory· Published Jun 14, 2021· Updated Jun 17, 2026
CVE-2021-24347
CVE-2021-24347
Description
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/SP Project & Document Managerdescription
- Range: <4.22
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/163434/WordPress-SP-Project-And-Document-Manager-4.21-Shell-Upload.htmlnvdExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.com/files/163675/WordPress-SP-Project-And-Document-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45anvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.