CVE-2021-34639
WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File UploadAuthenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.
We have discovered 26 live websites that are affected by CVE-2021-34639.
Contact us to get more info
Common Weakness Enumeration
CWE-646 Reliance on File Name or Extension of Externally-Supplied File
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-34639 and the relative popularity of websites