WordPress Plugin Vulnerabilities
WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload
Description
The WordPress plugin wp-file-upload does not adequately check the filetype before allowing it to be uploaded. It also uploaded files with execute permissions, allowing malicious payloads to be uploaded.
Proof of Concept
1. Install wp-file-upload on a WordPress site and activate it. 2. Create an upload form on a page. 3. Create a file named payload.php.....jpg with the contents <?php echo "You got pwnd"; 4. Use the form you created to upload this payload 5. Navigate to /wp-content/uploads/payload.php.....jpg and see "You got pwnd" printed.
Affects Plugins
References
CVE
Miscellaneous
Submitter
Garth Mortensen
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2015-10-29 (about 8 years ago)
Added
2015-11-09 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)