WordPress Plugin Vulnerabilities

Simple eCommerce <= 3.1.2 - Arbitrary File Upload

Description

The plugin does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE

Proof of Concept

Affects Plugins

Plugin icon
simple-e-commerce-shopping-cart
No known fix

References

CVE
CVE-2021-24620

Miscellaneous

Original Researcher
h3v0x
Submitter
Fellipe Oliveira
Submitter twitter
Fellipe1667
Verified
Yes
WPVDB ID
1f2b3c4a-f7e9-4d22-b71e-f6b051fd8349

Timeline

Publicly Published
2021-08-16 (about 4 years ago)
Added
2021-08-16 (about 4 years ago)
Last Updated
2023-07-07 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
e-Commerce <= 3.4 - Arbitrary File Upload Exploit
Published
2023-12-27
Title
Frontend Admin by DynamiApps Plugin < 3.18.4 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
Work The Flow File Upload < 2.4 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass
Published
2014-08-01
Title
Magnitudo - Arbitrary File Upload
Published
2024-10-17
Title
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload