CVE-2021-47940

CRITICAL

WordPress Download From Files 1.48 Arbitrary File Upload

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47940. PoCs published by spacehen.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in the WordPress plugin 'Download From Files' (version <= 1.48). It uploads a malicious PHP file by leveraging an insecure AJAX action endpoint, allowing remote code execution.

Description

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the download_from_files_617_fileupload action, manipulating the allowExt parameter to bypass file type restrictions and upload executable files like PHP shells to the web root.

Exploits (1)

exploitdb · WORKING POC
by spacehen · python · webapps · php
https://www.exploit-db.com/exploits/50287


Classification
Working PoC 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin Download From Files <= 1.48
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and activated · Attacker must know the target URL
devstral-2 · analyzed May 10, 2026

References (3)

Third Party Advisory
VulnCheck Advisory: WordPress Download From Files 1.48 Arbitrary File Upload
https://www.vulncheck.com/advisories/wordpress-download-from-files-arbitrary-file-upload
Exploit
ExploitDB-50287
https://www.exploit-db.com/exploits/50287
Product
Official Product Homepage
https://wordpress.org/plugins/download-from-files/

Scores

CVSS v3 9.8
EPSS 0.0040
EPSS Percentile 31.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (1)
download-from-files/Download From Files < 1.48
Published May 10, 2026
Tracked Since May 10, 2026