VYPR
Unrated severityNVD Advisory· Published Mar 28, 2022· Updated Aug 3, 2024

WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE

CVE-2021-24962

Description

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.