WordPress Plugin Vulnerabilities

Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload

Description

The plugin allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE

Proof of Concept

As any authenticated user, upload a PHP file via /wp-admin/upload.php?page=adv-file-upload

The file will be at https://example.com/wp-content/uploads/2022/03/<filename>.php

Affects Plugins

advanced-uploader

No known fix - plugin closed

References

CVE

CVE-2022-1103

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Original Researcher

Roel van Beurden

Submitter

Roel van Beurden

Submitter twitter

roelvb79

Verified

Yes

WPVDB ID

9ddeef95-7c7f-4296-a55b-fd3304c91c18

Timeline

Publicly Published

2022-04-19 (about 11 months ago)

Added

2022-04-19 (about 11 months ago)

Last Updated

2022-04-20 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin