PT-2021-23594 · WordPress · Wordpress Popular Posts

Jerome Bruandet · Published 2021-11-17 · Updated 2024-09-16 · CVE-2021-42362

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions up to and including 5.3.2

Description: The WordPress Popular Posts plugin is vulnerable to arbitrary file upload because the file type validation in ~/src/Image.php is insufficient. An authenticated attacker with contributor-level access or above can upload a malicious file and use it to obtain remote code execution.

Recommendations: For versions up to and including 5.3.2, update to a version that includes the fix for the arbitrary file upload vulnerability. As a temporary workaround, consider restricting access to the ~/src/Image.php file to reduce the risk of exploitation. Additionally, limit which accounts hold contributor-level access or above, since that is the privilege required to upload files through this path.

Tags: RCE, Unrestricted File Upload

Weakness Enumeration
Related Identifiers: CVE-2021-42362
Affected Products: Wordpress Popular Posts