Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4225

April 25, 2022, 4:16 p.m.

National Vulnerability Database nist.gov

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated user, such as a subscriber, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
