KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.8

CVSS
Critical

CVE-2021-34624

PUBLISHED

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component

Exploited in the wild Remote Low complexity No user interaction

Vendor: ProfilePress
Product: ProfilePress
Published: Jul 07, 2021
EPSS: —

Description

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3. .

nuclei_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-06-12 00:00:00 UTC · Source

SSVC decision points

Exploitation: poc
Automatable: Yes
Technical impact: total

References

https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Jun 12, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-34624.yaml	Jun 01, 2026

Timeline

CVE ID Reserved

June 10, 2021
CVE Published to Public

July 07, 2021
Added to KEVIntel

June 12, 2025
Detected by Nuclei

June 01, 2026