Lucene search
+L

CVE-2021-42362

🗓️ 17 Nov 2021 17:44:23Reported by WordfenceType 
cve
 cve
🔗 web.nvd.nist.gov👁 127 Views🌐 WEB

WordPress Popular Posts plugin CVE-2021-42362 vulnerabilit

Related
Detection
Affected
Refs
Paths
NVD
Vulners
[
  {
    "defaultStatus": "unaffected",
    "product": "WordPress Popular Posts",
    "vendor": "WordPress Popular Posts",
    "versions": [
      {
        "lessThanOrEqual": "5.3.2",
        "status": "affected",
        "version": "0.0",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
metavaluenestedwp-admin/admin-ajax.phpAuthenticated input validation flaw allows metadata value to redirect to a payload URL, enabling RCE when paired with payload hosting.CWE-434
_ajax_nonce-add-metanestedwp-admin/admin-ajax.phpAuthenticated input validation flaw allows metadata value to redirect to a payload URL, enabling RCE when paired with payload hosting.CWE-434
post_idnestedwp-admin/admin-ajax.phpAuthenticated input validation flaw allows metadata value to redirect to a payload URL, enabling RCE when paired with payload hosting.CWE-434
{post_id}_{payload_name}pathwp-content/uploads/wordpress-popular-posts/{post_id}_{payload_name}Malicious payload file path downloaded by the plugin to trigger execution on the server.CWE-434
widget_idpathwp-json/wordpress-popular-posts/v1/popular-posts/widget/{widget_id}Widget data endpoint queried to determine popular posts; can be used to trigger or validate payload delivery during exploitation.CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:09Current
8.8High risk
Vulners AI Score8.8
CVSS 26.5
CVSS 3.18.8
EPSS0.79823
127