WordPress Plugin Vulnerabilities

e-signature < 1.5.6.8 - Unauthenticated Arbitrary File Upload leading to RCE

Description

The AJAX sif_upload_file allowed the authorised extensions to be provided in the request, which result in unauthenticated arbitrary file upload and lead to RCE

Proof of Concept

/wp-admin/admin-ajax.php?action=sif_upload_file

Affects Plugins

e-signature

Fixed in version 1.5.6.8

References

URL

https://pagely.com/blog/unauthenticated-remote-code-execution-in-e-signature-plugin/

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Original Researcher

John Castro

Submitter

Pagely

Submitter website

https://www.pagely.com

Submitter twitter

pagely

Verified

Yes

WPVDB ID

0e6b7a1f-dadd-45da-9961-6fe89ffb4c70

Timeline

Publicly Published

2021-01-19 (about 2 years ago)

Added

2021-01-19 (about 2 years ago)

Last Updated

2021-01-20 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin