CVE-2021-4382: 
WordPress vulnerability analysis and mitigation

CVE-2021-4382 affects the Recently plugin for WordPress in versions up to and including 3.0.4. The vulnerability was discovered by Jerome Bruandet from NinTechNet and was publicly disclosed on June 7, 2021. The vulnerability exists in the fetch_external_image() function due to missing file type validation (WPScan).

The vulnerability is classified as an arbitrary file upload vulnerability that could lead to remote code execution. It has received a CVSS v3.1 score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked as CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

The vulnerability allows authenticated attackers to upload arbitrary files on the affected site's server, which could potentially lead to remote code execution. This could enable attackers to execute malicious code with the privileges of the web server, potentially leading to full system compromise (Acunetix).

The vulnerability has been fixed in version 3.0.5 of the Recently plugin. Site administrators are strongly advised to update to this version or later to protect against this vulnerability (WPScan).