WordPress Plugin Vulnerabilities

Wpshop - eCommerce <= 1.3.9.5 - Arbitrary File Upload

Description

The script 'includes/ajax.php' allows execution of various actions by anonymous users. The action name is provided in the 'elementCode' parameter. One of these actions is named 'ajaxUpload'. This function allows for upload of arbitrary files, due to lack of sanitation of user input.

Affects Plugins

Plugin icon
wpshop
Fixed in 1.3.9.6

References

URL
https://g0blin.co.uk/g0blin-00036/
URL
https://github.com/espreto/wpsploit/blob/master/modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb

Miscellaneous

Submitter
James Hooker
Submitter website
https://research.g0blin.co.uk
Submitter twitter
g0blinResearch
Verified
No
WPVDB ID
85bb2718-2228-4405-8b50-76995dbf6862

Timeline

Publicly Published
2015-03-09 (about 11 years ago)
Added
2015-03-09 (about 11 years ago)
Last Updated
2019-10-24 (about 6 years ago)

Other

Published
Title
Published
2023-11-01
Title
Icons Font Loader < 1.1.3 - Admin+ Arbitrary File Upload
Published
2024-11-08
Title
WordPress User Extra Fields < 16.6 - Unauthenticated Arbitrary File Upload
Published
2016-12-10
Title
Delete All Comments 2.0 - Unauthenticated Arbitrary File Upload
Published
2024-02-23
Title
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Arbitrary File Upload
Published
2022-03-01
Title
Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF