Insert or Embed Articulate Content into WordPress < 4.3000000024 – Author+ Arbitrary File Upload | CVE 2024-5630 | Plugin Vulnerabilities

Description

The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

Proof of Concept

1) Go to http://your_site/wordpress/wp-admin/post-new.php and create new Post
2) Add e-Learning widget inside Page and upload a zip file in which will be two files. First - default HTML file like main.html, Second - PHP file file with name "relay.php" (inside this file will be PHP code)
3) After uploading check URL http://your_site/wordpress/wp-content/uploads/articulate_uploads/{name_of_zip}/cmd.phar?cmd=ls

Affects Plugins

insert-or-embed-articulate-content-into-wordpress

Fixed in 4.3000000024

References

CVE

URL

https://research.cleantalk.org/cve-2024-5630/

Classification

Type

COMMAND INJECTION

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

538c875f-4c20-4be0-8098-5bddb7aecff4

Timeline

Publicly Published

2024-06-24 (about 1 year ago)

Added

2024-06-24 (about 1 year ago)

Last Updated

2024-07-12 (about 1 year ago)

Other

Published

Title

Published

2025-10-27

Title

W3 Total Cache < 2.8.13 - Unauthenticated Command Injection

Published

2023-10-05

Title

Newsletter Lite < 4.9.3 - Admin+ Command Injection

Published

2023-12-22

Title

Backup Migration < 1.4.0 - Authenticated (Admin+) OS Command Injection via url

Published

2022-10-18

Title

ImageMagick-Engine < 1.7.6 - Command Injection via CSRF

Published

2024-05-09

Title

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.103 - Admin+ Command Injection