Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin WP Upload Restriction Multiple Vulnerabilities (2.2.3)

Description

WordPress Plugin WP Upload Restriction is prone to multiple vulnerabilities, including cross-site scripting and security bypass vulnerabilities. Exploiting these issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, or to perform otherwise restricted actions and subsequently delete custom extensions. WordPress Plugin WP Upload Restriction version 2.2.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.2.8 or latest

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34625

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34626

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34627

https://plugins.svn.wordpress.org/wp-upload-restriction/trunk/readme.txt

Related Vulnerabilities

Squid Operation on a Resource after Expiration or Release Vulnerability (CVE-2024-23638)

Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8164)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2015-3416)

Oracle Database Server CVE-2015-4796 Vulnerability (CVE-2015-4796)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3488)

Severity

High

Classification

CVE-2021-34625 CVE-2021-34626 CVE-2021-34627 CWE-79 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update