Customizer Export/Import < 0.9.7.1 – Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import | CVE 2024-7620 | Plugin Vulnerabilities

Description

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created.

Affects Plugins

customizer-export-import

Fixed in 0.9.7.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7600e7df-725d-4877-b0bf-5329f814723f

Miscellaneous

Original Researcher

Luk6785

Verified

No

WPVDB ID

17e2497e-2bc9-4cd8-b55e-5c0b1c1e789d

Timeline

Publicly Published

2024-09-06 (about 1 year ago)

Added

2024-09-06 (about 1 year ago)

Last Updated

2024-09-07 (about 1 year ago)

Other

Published

Title

Published

2021-03-24

Title

All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion

Published

2021-07-01

Title

PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Settings Change

Published

2014-08-01

Title

SEO Watcher - Open Flash Chart Arbitrary File Creation

Published

2026-04-16

Title

Academy LMS Pro < 3.5.2 - Authenticated (Custom+) Arbitrary File Upload

Published

2024-10-30

Title

Training – Courses <= 2.0.1 - Authenticated (Subscriber+) Arbitrary File Upload