CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

CVSS 9.3 CRITICALEPSS 0.6%CWE-434

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

wp-super-edit · WP Super Edit

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/49839no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wordpress.org https://wordpress.org/plugins/wp-super-edit/https://www.exploit-db.com/exploits/49839 https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload