WordPress Plugin Vulnerabilities
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
Description
The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when the DISALLOW_FILE_MODS and DISALLOW_FILE_EDIT constants are set.
Proof of Concept
1. Navigate to: Appearance > Import Demo Content > Theme Demo Importer > Manually upload the demo files
2. Use the XML file import option to upload a PHP file containing this content: `<?php phpinfo();?>`
3. Find the file at https://example.com/wp-content/uploads/YYYY/MM/your-file.php
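As an added illustration of the fix the description implies (example code, not the plugin's own), a WordPress import handler that only accepts genuine XML uploads; the hook name, nonce action, form field name and the tdi_parse_demo_xml() importer function are assumptions made for this example.

```php
<?php
// Added example (not the plugin's code): a hardened demo-import upload
// handler that rejects anything that is not an XML file, so a PHP file is
// never written under wp-content/uploads/ where the web server would run it.
// Hook name, nonce action, field name and tdi_parse_demo_xml() are assumed.

add_action( 'admin_post_tdi_import_xml', 'tdi_handle_xml_import' );

function tdi_handle_xml_import() {
    // Importing is a privileged action; also honour the site-wide lockdown,
    // since importing arbitrary code is equivalent to installing a plugin.
    if ( ! current_user_can( 'import' ) || ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) ) {
        wp_die( 'Import is not permitted on this site.', 403 );
    }
    check_admin_referer( 'tdi_import_xml' );

    if ( empty( $_FILES['demo_xml'] ) || ! is_uploaded_file( $_FILES['demo_xml']['tmp_name'] ) ) {
        wp_die( 'No import file received.', 400 );
    }

    // Allowlist a single type. wp_check_filetype_and_ext() returns empty
    // 'ext'/'type' when the file name does not carry an allowed extension
    // (and, where PHP's fileinfo is available, when the sniffed content
    // disagrees), so "demo.php" is rejected before anything is moved.
    $allowed = array( 'xml' => 'text/xml' );
    $check   = wp_check_filetype_and_ext(
        $_FILES['demo_xml']['tmp_name'],
        $_FILES['demo_xml']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Only WordPress XML export files can be imported.', 415 );
    }

    // Move the file with the same restricted MIME list so core re-applies
    // the check and sanitises the file name on the way into uploads/.
    $upload = wp_handle_upload(
        $_FILES['demo_xml'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $upload['error'] ) ) {
        wp_die( esc_html( $upload['error'] ), 400 );
    }

    // $upload['file'] is a validated .xml path: parse it, then remove it
    // so the import payload is not left web-accessible.
    tdi_parse_demo_xml( $upload['file'] ); // assumed importer entry point
    unlink( $upload['file'] );
}
```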
Affects Plugins
References
CVE
Classification
Type
RCE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
ccltt1201
Submitter
ccltt1201
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-11-08 (about 1 year ago)
Added
2022-11-08 (about 1 year ago)
Last Updated
2022-11-08 (about 1 year ago)