Skip to main content

Wordpress: CVE-2021-29447

$ tldr TryHackMe · Challenge · Easy

Description

Vulnerability allow a authenticated user whith low privilages upload a malicious WAV file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF).

Solve the room

Resources by skill

WordPress Exploitation · Server-Side Request Forgery · Cracking Hashes (hashcat / John)

Comments & tips

Solved this room a different way? Share it here — comments live in GitHub Discussions.
Last updated: 2026-05-09