CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

April 23, 2025

CVE ID : CVE-2021-4455

Published : April 19, 2025, 8:15 a.m. | 3 days, 23 hours ago

Description : The WordPress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1021 – Synology DiskStation Manager (DSM) File Disclosure

Next Article Windows 11 Now Runs on iPad in EU via UTM Virtual Machine

Highlights

CVE-2025-49587 – XWiki XSS Through Unvalidated HTML in Notification Displayer

June 13, 2025

CVE ID : CVE-2025-49587

Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago

Description : XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification displayer executes Velocity, the existing generic analyzer already warns admins before editing Velocity code. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful. This vulnerability has been patched in XWiki 15.10.16, 16.4.7, and 16.10.2 by adding a required rights analyzer that warns the admin before editing about the possibly malicious code.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

MongoDB Create Datbases and Collections

CVE-2025-50147 – Apache HTTP Server Denial of Service

Vine Linux is a Linux distribution with an integrated Japanese environment

CVE-2025-20282 – Cisco ISE and ISE-PIC Privilege Escalation Remote File Upload Vulnerability

CVE-2025-49587 – XWiki XSS Through Unvalidated HTML in Notification Displayer

CVE-2025-47770 – Apache HTTP Server Cross-Site Request Forgery

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

Related Posts