Vulnerability Description
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartypantsplugins | Sp Project \& Document Manager | < 4.24 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileuploadExploitThird Party Advisory
- https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bdExploitThird Party Advisory
- https://github.com/pang0lin/CVEproject/blob/main/wordpress_SP-Project_fileuploadExploitThird Party Advisory
- https://wpscan.com/vulnerability/bd1083d1-edcc-482e-a8a9-c8b6c8d417bdExploitThird Party Advisory
FAQ
What is CVE-2021-4225?
CVE-2021-4225 is a vulnerability with a CVSS score of 8.8 (HIGH). The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that cou...
How severe is CVE-2021-4225?
CVE-2021-4225 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4225?
Check the references section above for vendor advisories and patch information. Affected products include: Smartypantsplugins Sp Project \& Document Manager, Microsoft Windows.