WordPress Plugin Vulnerabilities

e-signature < 1.5.6.8 - Unauthenticated Arbitrary File Upload leading to RCE

Description

The AJAX sif_upload_file allowed the authorised extensions to be provided in the request, which result in unauthenticated arbitrary file upload and lead to RCE

Proof of Concept

/wp-admin/admin-ajax.php?action=sif_upload_file

Affects Plugins

Plugin icon
e-signature
Fixed in 1.5.6.8

References

URL
https://pagely.com/blog/unauthenticated-remote-code-execution-in-e-signature-plugin/

Miscellaneous

Original Researcher
John Castro
Submitter
Pagely
Submitter website
https://www.pagely.com
Submitter twitter
pagely
Verified
Yes
WPVDB ID
0e6b7a1f-dadd-45da-9961-6fe89ffb4c70

Timeline

Publicly Published
2021-01-19 (about 3 years ago)
Added
2021-01-19 (about 3 years ago)
Last Updated
2021-01-20 (about 3 years ago)

Other

Published
Title
Published
2020-08-13
Title
Quiz and Survey Master < 7.0.1 - Arbitrary File Upload
Published
2023-07-14
Title
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload Leading to RCE
Published
2014-08-01
Title
Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution
Published
2014-08-01
Title
Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution
Published
2014-08-01
Title
Agritourismo - Remote File Upload