CVE-2021-4455

Name of the Vulnerable Software and Affected Versions Smart Product Review plugin for WordPress versions up to, and including, 1.0.4

Description The Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For versions up to, and including, 1.0.4, update to a version that includes file type validation to prevent arbitrary file uploads. As a temporary workaround, consider restricting access to the plugin's upload functionality until a patch is available.