WordPress Plugin Vulnerabilities

WordPress File Upload < 4.13.0 - Directory Traversal to RCE

Description

WordPress File Upload plugin directory traversal. It's possible to use the directory traversal to gain RCE by uploading a file (doesn't matter the extension) inside the /lib directory of the plugin.

More details here https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report

Affects Plugins

Plugin icon
wp-file-upload
Fixed in 4.13.0

References

CVE
CVE-2020-10564
URL
https://plugins.trac.wordpress.org/changeset/2258584
URL
https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
riccardo krauter (p4w)
Submitter
riccardo krauter (p4w)
Submitter website
https://beerpwn.it/
Submitter twitter
https://twitter.com/p4w16
Verified
No
WPVDB ID
846fb693-62cd-4e51-92c0-233d104ab1f1

Timeline

Publicly Published
2020-03-13 (about 5 years ago)
Added
2020-03-13 (about 5 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-05-16
Title
Simple File List < 4.2.8 - Authenticated Arbitrary File Deletion
Published
2018-10-27
Title
ARForms < 3.5.2 - Unauthenticated Arbitrary File Deletion
Published
2023-05-23
Title
WordPress File Upload < 4.19.2 - Admin+ Path Traversal
Published
2022-04-28
Title
All-in-One WP Migration < 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal
Published
2024-03-04
Title
File Manager And File Manager Pro (Multiple Versions) - Directory Traversal