CVE-2021-24537: Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution
First published: Mon Nov 08 2021(Updated: )
The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shareaholic Similar Posts | <=3.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-24537.
What is the title of the vulnerability?
The title of the vulnerability is 'The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP…'
What is the severity of CVE-2021-24537?
The severity of CVE-2021-24537 is high.
How does CVE-2021-24537 affect Shareaholic Similar Posts plugin?
CVE-2021-24537 affects Shareaholic Similar Posts plugin version up to 3.1.5.
How can the vulnerability be exploited?
The vulnerability can be exploited by high privilege users executing arbitrary PHP code in an environment with certain settings.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/shareaholic
- canonical/shareaholic similar posts
- version/shareaholic similar posts/3.1.5