Published : May 16, 2026, 4:16 p.m. | 8 hours, 30 minutes ago
Description :WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2021-47979
N/A
Identify all Linux systems running potentially vulnerable kernel versions. This vulnerability is a use-after-free in the netfilter subsystem (nf_tables) that can lead to local privilege escalation or denial of service. Prioritize systems with local user access, especially those hosting sensitive data or critical services.
For critical systems where immediate patching is not feasible, consider temporary isolation or enhanced monitoring. Restrict local user access to the minimum necessary. While disabling netfilter entirely is generally impractical for most network-connected systems, evaluate if specific, non-essential nf_tables features can be temporarily disabled without impacting core functionality. This is a high-risk decision and should only be undertaken after careful assessment.
2. PATCH AND UPDATE INFORMATION
This vulnerability, CVE-2021-47979, is a use-after-free flaw in the Linux kernel's netfilter nf_tables component, specifically within the nf_tables_set_elem_expr_clone function. It affects Linux kernel versions prior to the fixes released in stable branches.
Affected versions include, but are not limited to, kernels in the 5.x series before specific point releases.
The vulnerability was addressed in the following stable kernel versions:
– Linux kernel 5.10.x (fixed in 5.10.74 or later)
– Linux kernel 5.11.x (fixed in 5.11.22 or later)
– Linux kernel 5.14.x (fixed in 5.14.13 or later)
– Linux kernel 5.15.x (fixed in 5.15.2 or later)
It is crucial to update affected Linux systems to a patched kernel version.
Steps for updating:
a. Consult your operating system vendor's security advisories for the specific patched kernel packages available for your distribution (e.g., Red Hat, Debian, Ubuntu, SUSE).
b. Use your distribution's package manager to apply the kernel update.
– For Debian/Ubuntu: sudo apt update && sudo apt upgrade linux-image-generic
– For RHEL/CentOS/Fedora: sudo yum update kernel or sudo dnf update kernel
– For openSUSE/SLES: sudo zypper update kernel-default
c. After the kernel update, it is mandatory to reboot the system to load the new kernel. Failure to reboot will leave the system vulnerable.
d. Verify the new kernel version after reboot using 'uname -r'. Ensure it matches or exceeds the patched version.
3. MITIGATION STRATEGIES
If immediate patching is not possible, implement the following mitigation strategies:
a. Restrict Local Access: Since this is a local privilege escalation vulnerability, strictly limit local user access to affected systems. Implement strong authentication and authorization controls.
b. Least Privilege: Enforce the principle of least privilege for all users and services. Users should only have the minimum necessary permissions to perform their tasks.
c. Linux Security Modules (LSMs): Utilize SELinux or AppArmor in enforcing mode to restrict the capabilities of user processes. Custom policies can be developed to further limit the actions of processes, potentially preventing the exploit chain.
d. Kernel Hardening: Implement kernel hardening measures such as disabling unneeded kernel modules, enabling kernel address space layout randomization (KASLR), and other security features provided by your distribution.
e. Network Segmentation: Isolate critical systems on separate network segments to limit potential lateral movement if a system is compromised.
f. Endpoint Detection and Response (EDR): Deploy and configure EDR solutions to monitor for suspicious process behavior, unauthorized system call sequences, and unexpected kernel module loading or unloading, which could indicate an attempted exploit.
4. DETECTION METHODS
a. Kernel Version Check: Regularly check the kernel version of all Linux systems using 'uname -r'. Compare this against the list of patched versions to identify vulnerable systems.
b. System Call Monitoring: Configure auditd or similar system call monitoring tools to log calls related to netfilter (e.g., nf_tables related system calls, ioctl operations on netfilter devices). Look for unusual sequences of calls, repeated failures, or calls originating from unexpected processes.
c. Log Analysis: Monitor system logs (syslog, journalctl) and kernel logs (dmesg) for signs of kernel panics, crashes, or error messages related to netfilter or memory management issues that might indicate an attempted exploit or a denial of service condition.
d. Process Monitoring: Monitor for unusual process creation, privilege changes, or execution of suspicious binaries, especially if originating from a non-privileged user account