CVE-2021-24123
HIGH
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload via Podcast Artwork Image
Title source: llm
Description
Arbitrary file upload: the PowerPress WordPress plugin, in versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36
Scores
CVSS v3
7.2
EPSS
0.0165
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
blubrry/powerpress
< 8.3.8
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026