How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

AGIL <= 1.0 - Admin+ Arbitrary File Upload

Description

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE

Proof of Concept

As an admin, set a base folder name(for example, test), upload a zipped PHP file via the Grid Image Listing page of the plugin (https://example.com/wp-admin/admin.php?page=automatic_grid_image_listing).

The file will be located at https://example.com/wp-content/test/<filename.php>

Affects Plugins

automatic-grid-image-listing

No known fix - plugin closed

References

CVE

Classification

Type

UPLOAD

CWE

Miscellaneous

Original Researcher

Chuang LI

Submitter

Chuang LI

Submitter website

https://github.com/CreativeChuang

Verified

Yes

WPVDB ID

47235989-d9f1-48a5-9799-fdef0889bf8a

Timeline

Publicly Published

2022-04-19 (about 2 months ago)

Added

2022-04-19 (about 2 months ago)

Last Updated

2022-04-20 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin