The plugin does not validate the imported file in some cases, allowing high-privilege users such as admins to upload arbitrary files (such as PHP), leading to RCE.
Import a PHP file via a URL [Tools > Import WP > Add Importer (put any name and post template) > Create Importer > Remote File (select any file type)], e.g. https://example.com/info.php (content of info.php: <?php phpinfo();?>). Intercept the response to get the path of the file (via file[src], e.g. 06-2-info.php) and append it to https://WP/wp-content/uploads/<year>/<month>, e.g. https://WP/wp-content/uploads/2022/04/06-2-info.php
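The missing control described above is an allow-list on what a "remote file" importer will accept and store. The following is an added illustration of such a check, not Import WP's own code: the function name, the list of accepted formats and the storage location are assumptions. It accepts a fetched file only when its extension is one of a few data formats, the detected MIME type agrees with that extension, and the body carries no PHP open tag, and it never reuses the remote file name when storing the file.

```php
<?php
// Added example (hypothetical, not the plugin's code): validating a file that
// an importer fetched from a user-supplied URL before it is written to disk.

/** Formats an importer may accept, each with the MIME types fileinfo reports for it (assumed list). */
const IMPORT_ALLOWED = [
    'csv'  => ['text/csv', 'text/plain'],
    'xml'  => ['text/xml', 'application/xml'],
    'json' => ['application/json', 'text/plain'],
];

/**
 * Return true only if the fetched file looks like plain import data.
 *  1. the extension of the requested name must be on the allow-list
 *     (so info.php is rejected before anything is written),
 *  2. the content's detected MIME type must match that extension,
 *  3. the content must not contain a PHP open tag (<?php or <?=);
 *     a bare "<?" is not rejected because XML files start with "<?xml".
 */
function importwp_is_safe_import(string $tmp_path, string $requested_name): bool
{
    $ext = strtolower(pathinfo($requested_name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, IMPORT_ALLOWED)) {
        return false;
    }

    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $tmp_path);
    finfo_close($finfo);
    if (!in_array($mime, IMPORT_ALLOWED[$ext], true)) {
        return false;
    }

    $content = file_get_contents($tmp_path);
    if ($content === false || preg_match('/<\?(php|=)/i', $content)) {
        return false;
    }
    return true;
}

/**
 * Store an accepted file under a random name with the allow-listed extension,
 * in a directory outside the web root (assumed path), so that even a file
 * that slipped through cannot be reached or executed by URL.
 */
function importwp_store_import(string $tmp_path, string $requested_name): ?string
{
    if (!importwp_is_safe_import($tmp_path, $requested_name)) {
        return null;
    }
    $ext    = strtolower(pathinfo($requested_name, PATHINFO_EXTENSION));
    $target = '/var/lib/importwp/' . bin2hex(random_bytes(8)) . '.' . $ext;
    return rename($tmp_path, $target) ? $target : null;
}

// Constructed demonstration: a CSV body is accepted, a PHP body is not.
$csv = tempnam(sys_get_temp_dir(), 'imp');
file_put_contents($csv, "title,content\nHello,World\n");
var_dump(importwp_is_safe_import($csv, 'posts.csv'));   // bool(true)

$php = tempnam(sys_get_temp_dir(), 'imp');
file_put_contents($php, "<?php phpinfo();?>");
var_dump(importwp_is_safe_import($php, 'info.php'));    // bool(false)
var_dump(importwp_is_safe_import($php, 'info.csv'));    // bool(false): PHP tag in body
```

Inside WordPress the same pairing of extension and content is available through wp_check_filetype_and_ext(), and the plugin should rely on that rather than on the file type the user selected in the importer form; keeping import data out of wp-content/uploads, where the web server is happy to execute .php, removes the second half of the issue.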
UPLOAD
ericfrank900528
ericfrank900528
Yes
2022-04-11 (about 1 year ago)
2022-04-11 (about 1 year ago)
2022-04-13 (about 1 year ago)