WordPress Plugin Vulnerabilities

Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit

Description

The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue.

February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php
March 6th, 2020 - Update requested to vendor (also realised that the ticket was closed w/o reason given)
March 12th, 2020 - Ticket closed again w/o explanation
March 12th, 2020 - Issue escalated to WP plugins team
March 18th, 2020 - WP Plugins Team investigating & plugin closed
March 25th, 2020 - Disclosure

Proof of Concept

Affects Plugins

Plugin icon
product-lister-walmart
No known fix

References

CVE
CVE-2017-9841
URL
http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.8 (critical)

Miscellaneous

Verified
Yes
WPVDB ID
7a1a014c-f840-4090-8f80-d692c2f17721

Timeline

Publicly Published
2020-03-25 (about 6 years ago)
Added
2020-03-25 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-02-23
Title
YITH WooCommerce Gift Cards Premium < 3.3.1 - RCE via Arbitrary File Upload
Published
2024-10-25
Title
Uix Shortcodes < 2.0.0 - Unauthenticated Arbitrary Shortcode Execution
Published
2024-11-15
Title
Drop Shadow Boxes < 1.7.15 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Published
2022-12-29
Title
Multiple themes - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution