CVE-2021-34624: ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
First published: Wed Jul 07 2021(Updated: )
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Properfraction Profilepress | >=3.0.0<=3.1.3 |
Remedy
Update to version 3.1.4 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-34624.
What is the severity of CVE-2021-34624?
The severity of CVE-2021-34624 is critical, with a severity value of 9.8.
How does CVE-2021-34624 affect the ProfilePress WordPress plugin?
CVE-2021-34624 affects versions 3.0.0 - 3.1.3 of the ProfilePress WordPress plugin.
What is the impact of CVE-2021-34624?
CVE-2021-34624 allows users to upload arbitrary files during user registration or profile updates, which can lead to remote code execution or unauthorized access.
Is there a fix available for CVE-2021-34624?
Yes, a fix for CVE-2021-34624 is available. Users are advised to update to a version beyond 3.1.3 of the ProfilePress WordPress plugin.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/source
- vendor/properfraction
- canonical/properfraction profilepress
- version/properfraction profilepress/3.0.0
- version/properfraction profilepress/3.1.3