CVE-2021-24123
HIGH
Blubrry Powerpress < 8.3.8 - Unrestricted File Upload
Title source: ruleDescription
The PowerPress WordPress plugin, in versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP files, leading to RCE.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36
Scores
CVSS v3
7.2
EPSS
0.0088
EPSS Percentile
75.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
blubrry/powerpress
< 8.3.8
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026