{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2021-47965/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2021-47965"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WP Super Edit plugin \u003c= 2.5.4"],"_cs_severities":["critical"],"_cs_tags":["cve-2021-47965","wordpress","file-upload","rce"],"_cs_type":"threat","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WordPress WP Super Edit plugin, specifically versions 2.5.4 and earlier, is vulnerable to unrestricted file uploads due to a flaw in the integrated FCKeditor component. This vulnerability, identified as CVE-2021-47965, allows unauthenticated attackers to bypass file type validation and upload arbitrary files, including malicious PHP scripts or executables. By exploiting this vulnerability via the filemanager upload endpoint, attackers can achieve remote code execution on the target web server, potentially leading to complete system compromise.\nThe vulnerability poses a significant risk to websites using the affected plugin versions, potentially impacting sensitive data, user accounts, and overall website functionality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress website using a vulnerable version (\u0026lt;=2.5.4) of the WP Super Edit plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the filemanager upload endpoint, typically found within the FCKeditor component\u0026rsquo;s directory.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request to the upload endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the POST request, the attacker includes a payload, such as a PHP script containing malicious code, disguised with a manipulated file extension (e.g., \u0026ldquo;shell.php.jpg\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eDue to the missing or inadequate file type validation, the web server stores the malicious file in the upload directory.\u003c/li\u003e\n\u003cli\u003eThe attacker determines the file\u0026rsquo;s location on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker then sends a new HTTP request to execute the uploaded PHP script, triggering remote code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the web server, potentially installing malware, exfiltrating data, or performing other malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2021-47965 allows unauthenticated attackers to upload arbitrary files, leading to remote code execution and complete system compromise. Affected websites could suffer data breaches, defacement, malware infections, and loss of service.\nGiven the wide use of WordPress, this vulnerability poses a high risk to a large number of websites, especially those that have not updated their plugins.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the WP Super Edit plugin to a version higher than 2.5.4 to patch CVE-2021-47965.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect exploitation attempts targeting the filemanager upload endpoint.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests with suspicious file extensions or content targeting the FCKeditor upload directory.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-15T19:18:49Z","date_published":"2026-05-15T19:18:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47965-wp-super-edit-file-upload/","summary":"WordPress WP Super Edit plugin version 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component, allowing unauthenticated attackers to upload arbitrary files leading to remote code execution and complete system compromise.","title":"CVE-2021-47965: WordPress WP Super Edit Plugin Unrestricted File Upload","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47965-wp-super-edit-file-upload/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2021-47965","version":"https://jsonfeed.org/version/1.1"}