CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

April 23, 2025

CVE ID : CVE-2021-4455

Published : April 19, 2025, 8:15 a.m. | 3 days, 23 hours ago

Description : The WordPress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

Next Article Windows 11 Now Runs on iPad in EU via UTM Virtual Machine

Highlights

CVE-2025-7772 – “WordPress Malware Removal Plugin Arbitrary File Read Vulnerability”

July 18, 2025

CVE ID : CVE-2025-7772

Published : July 18, 2025, 7:15 a.m. | 3 hours, 42 minutes ago

Description : The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

CVE-2025-47755 – SFT VS Out-of-Bounds Read Arbitrary Code Execution

Microsoft shares fix for Windows’ Classic Outlook CPU spike issue

Error’d: Mais Que Nada

Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix

CVE-2025-7772 – “WordPress Malware Removal Plugin Arbitrary File Read Vulnerability”

CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

CVE-2025-7206 – D-Link DIR-825 HTTPd Stack-Based Buffer Overflow

CNCF Arm64 Pilot: Impact and Insights

CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

Related Posts