admin Arbitrary PHP Code Execution via Widge
Reporter | Title | Published | Views | Family
---|---|---|---|---
 | Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution | 11 Oct 2021 00:00 | – | wpvulndb
 | CVE-2021-24537 | 8 Nov 2021 18:15 | – | cve
 | CVE-2021-24537 | 8 Nov 2021 18:15 | – | nvd
 | WordPress Similar Posts Plugin Code Injection Vulnerability | 10 Nov 2021 00:00 | – | cnvd
 | CVE-2021-24537 Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution | 8 Nov 2021 17:34 | – | cvelist
 | WordPress Similar Posts plugin <= 3.1.5 - Arbitrary PHP Code Execution vulnerability | 11 Oct 2021 00:00 | – | patchstack
 | Design/Logic Flaw | 8 Nov 2021 18:15 | – | prion
- Add the plugin's widget (e.g. via /wp-admin/widgets.php).
- Put the following payload (replacing WEBROOT with the real value) in the "Show only if page" setting of the widget: `file_put_contents('/WEBROOT/info.php', '<?php phpinfo(); ?>')`.
- Save the settings and click the Update button on the Widgets page.
- Then browse to /info.php (or whatever path was set above) to access the created info.php.