Description
An arbitrary file upload vulnerability in the Plugin Download WordPress plugin allows unauthenticated attackers to upload and execute malicious files via the admin-ajax.php endpoint.
AI Analyst Comment
Remediation
Update the Plugin Download WordPress plugin to a release later than 1.48; check the vendor's security advisory for the exact fixed version. Monitor web server access logs for exploitation attempts and check the web root for PHP files that the site did not deploy.
---METADATA---
VENDOR: WordPress
PRODUCT: Plugin Download
AFFECTED_VERSIONS: 1.48 and earlier
---END_METADATA---
Executive Summary:
An unauthenticated arbitrary file upload vulnerability in the WordPress Plugin Download plugin allows an attacker with no account on the site to achieve remote code execution: the file extension check can be bypassed from the request itself, so a PHP file can be uploaded and then executed by requesting it.
Vulnerability Details
CVE-ID: CVE-2021-47940
Affected Software: WordPress Plugin Download
Affected Versions: 1.48 and earlier
Vulnerability: The flaw is in the plugin's AJAX file upload handler, the download_from_files_617_fileupload action served through admin-ajax.php. The handler takes the list of permitted file extensions from the request's allowExt parameter rather than from a fixed server-side list, so the uploader decides what counts as "allowed". Because the action is reachable without a WordPress session, an unauthenticated attacker can send an upload request with allowExt set to include php and a .php filename; the file is written to a web-accessible location and can then be requested and executed as a web shell.
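As an added illustration of the flaw described above (example code written for this page, not the plugin's own PHP, and in Python rather than PHP so the logic can be run stand-alone): the vulnerable check honours the request's allowExt value, while the hardened check ignores it and applies a fixed server-side policy. The extension lists, function names and the constructed attacker request are assumptions for the example, not details taken from the plugin.

```python
import os

# Server-side policy for the hardened check. These lists are assumptions for
# this example, not the plugin's configuration.
SAFE_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "zip"}
# Extensions that common PHP handler configurations will execute. They are
# rejected in ANY position of the name, not only the last one, because Apache's
# mod_mime evaluates every dot-separated segment, so "shell.php.jpg" can still run.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}


def vulnerable_is_allowed(filename: str, allow_ext_param: str) -> bool:
    """The flawed pattern: the permitted-extension list is taken from the
    request's allowExt parameter, so the uploader chooses it."""
    allowed = {e.strip().lower() for e in allow_ext_param.split(",") if e.strip()}
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in allowed


def hardened_is_allowed(filename: str, allow_ext_param: str = "") -> bool:
    """Server-side policy only. allowExt is still accepted so the request shape
    is unchanged, but it is never consulted: no request value widens what is stored."""
    del allow_ext_param  # deliberately ignored
    name = os.path.basename(filename.replace("\\", "/"))  # strip any path part
    if not name or name.startswith("."):
        return False  # empty name, or a dotfile such as .htaccess / .user.ini
    segments = name.lower().split(".")
    if len(segments) < 2:
        return False  # no extension at all
    exts = segments[1:]
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False
    return exts[-1] in SAFE_EXTENSIONS


def attacker_request() -> dict:
    """Constructed request of the shape the attack needs: a PHP filename plus an
    allowExt list that the attacker has extended with php."""
    return {"filename": "shell.php", "allowExt": "jpg,png,php"}


if __name__ == "__main__":
    req = attacker_request()
    print("vulnerable check accepts:", vulnerable_is_allowed(req["filename"], req["allowExt"]))  # True
    print("hardened check accepts:  ", hardened_is_allowed(req["filename"], req["allowExt"]))   # False
```

The hardened version also normalises case, strips any directory component and refuses dotfiles, since an uploaded .htaccess or .user.ini can re-enable PHP execution in a directory that was otherwise locked down.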
Business Impact
The CVSS score of 9.8 (critical) reflects that the flaw is reachable over the network, needs no privileges or user interaction, and has high impact on confidentiality, integrity and availability; it measures how bad a successful attack is, not how likely one is. Code runs as the web server user, which is enough to read wp-config.php (database credentials and authentication salts), create an administrator account through the database, plant persistent backdoors, or use the server as a foothold for attacks on other systems.
Remediation Plan
Immediate Action: Update the Plugin Download plugin to a release later than 1.48 so that the extension check is enforced server-side and no longer honours the request's allowExt value. If the site cannot be updated promptly, deactivate the plugin; WordPress does not load inactive plugins, so their AJAX actions are not registered.
Proactive Monitoring: Review web server access logs for requests to admin-ajax.php whose action is download_from_files_617_fileupload, and for any request to a .php file under the uploads directory. Access logs record the query string but not POST bodies, so an action passed only in the body shows up as a bare POST to admin-ajax.php; a WAF or PHP-level request logging is needed to see those. Investigate any recently created or modified PHP file in the web root or the uploads tree.
Compensating Controls: Configure the web server to refuse to execute PHP from the plugin's upload directory (an Apache rule that turns the PHP engine off for that path, or an nginx location that denies requests for .php files there). File system permission bits alone do not achieve this: the PHP interpreter runs any file the web server can read, whether or not its execute bit is set.
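The monitoring step above, as an added example written for this page (not tooling from the plugin vendor): a small Python scanner over combined-format access log lines that flags the AJAX upload action in the query string, bare POSTs to admin-ajax.php whose action would only be visible in the unlogged request body, and any request for a PHP file under wp-content/uploads. The log lines are constructed for the example, the source addresses are documentation ranges, and the upload path in them is an assumption, since the advisory does not state where the plugin writes files.

```python
import re
from urllib.parse import parse_qs, urlsplit

AJAX_ACTION = "download_from_files_617_fileupload"

# Apache/nginx "combined" format. Only the fields the rules need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# PHP-executable extensions at the end of the URL path (query string already removed).
PHP_PATH_RE = re.compile(r"\.ph(?:p\d?|tml|ar)$")

# Constructed sample log for this example; the uploads path is assumed.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2026:11:02:13 +0000] "POST /wp-admin/admin-ajax.php?action=download_from_files_617_fileupload&allowExt=php HTTP/1.1" 200 86 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2026:11:02:14 +0000] "GET /wp-content/uploads/2026/05/shell.php?cmd=id HTTP/1.1" 200 41 "-" "python-requests/2.31"
198.51.100.4 - - [10/May/2026:11:05:01 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 50 "https://example.org/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [10/May/2026:11:06:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 86 "-" "curl/8.4.0"
not a log line at all
"""

LOW_CONFIDENCE = "ajax_post_action_not_in_query"


def parse_line(line: str):
    """Return the captured fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> list:
    """Apply the detection rules to one parsed entry and return the rules that fired."""
    url = urlsplit(entry["target"])
    path = url.path.lower()
    query = parse_qs(url.query)
    hits = []
    if path.endswith("/wp-admin/admin-ajax.php"):
        action = query.get("action", [""])[0]
        if action == AJAX_ACTION:
            hits.append("ajax_upload_action")
        elif entry["method"] == "POST" and not action:
            # WordPress also accepts the action in the POST body, which access
            # logs do not record, so this is only a weak signal to correlate.
            hits.append(LOW_CONFIDENCE)
    if "/wp-content/uploads/" in path and PHP_PATH_RE.search(path):
        hits.append("php_requested_from_uploads")
    return hits


def scan(log_text: str) -> list:
    """Return (ip, rule, target) triples for every rule that fired, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for rule in classify(entry):
            findings.append((entry["ip"], rule, entry["target"]))
    return findings


def high_confidence_ips(findings) -> list:
    """Sorted, de-duplicated source IPs with at least one strong hit."""
    return sorted({ip for ip, rule, _ in findings if rule != LOW_CONFIDENCE})


if __name__ == "__main__":
    for ip, rule, target in scan(SAMPLE_LOG):
        print(f"{ip:15} {rule:32} {target}")
    print("investigate:", high_confidence_ips(scan(SAMPLE_LOG)))
```

To use it on a real server, pass the contents of the access log to scan() and start with the addresses high_confidence_ips() returns; a bare-POST hit from the same address shortly before a PHP request under uploads is the pattern to look for, since that is what an upload whose action travelled in the body would leave behind.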
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 10, 2026, there is no public information indicating active exploitation of this vulnerability. The bar is low, however: a single unauthenticated HTTP request is enough, which makes the flaw well suited to automated scanning of WordPress sites, so exploitation attempts should be expected.
Analyst Recommendation
This vulnerability provides a straightforward path from an unauthenticated request to code execution on the web server. Organizations must treat the update as high priority and, after patching, confirm that an upload request naming php in allowExt is rejected rather than assume the plugin update alone closed the hole.