CVE-2021-21351

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2021-21351 is a vulnerability that affects the Duplicator plugin for WordPress, specifically versions prior to 1.4.0. This vulnerability allows an attacker with access to a low-privileged account on a targeted site to execute arbitrary code, potentially leading to a full compromise of the website and its data. The flaw exists due to insufficient input validation in the import function of the plugin, which can be exploited by an attacker to upload a malicious file to the server. The vulnerability was first reported to the Duplicator development team on March 10, 2021, and a patch was released on April 22, 2021, in version 1.4.0 of the plugin. However, due to the widespread use of the plugin, many websites remained vulnerable even after the patch was released. In June 2021, the Wordfence Threat Intelligence team identified active exploitation attempts targeting sites using vulnerable versions of the Duplicator plugin. Website administrators are advised to update the Duplicator plugin to version 1.4.0 or later as soon as possible. Additionally, it is recommended to review the list of users with access to the plugin and remove any unnecessary accounts with low privileges. As always, it is important to maintain regular backups of website data and implement strong password policies to minimize the impact of any potential security incidents.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2021-21351 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Multiple vulnerabilities in IBM Security Verify Governance