High severity8.8NVD Advisory· Published Apr 25, 2022· Updated Jun 17, 2026
CVE-2021-4225
CVE-2021-4225
Description
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.24
Patches
Vulnerability mechanics
References
2- github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileupload.mdnvdExploitThird Party Advisory
- wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.