WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

College Publisher Import <= 0.1 - Arbitrary File Upload to RCE

Description

The plugin does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.

The issue has been escalated to WordPress on April 12th, 2021

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

college-publisher-import
No known fix - plugin closed

References

CVE
CVE-2021-24254
URL
https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md

Classification

Type

UPLOAD

CWE
CWE-434

Miscellaneous

Original Researcher

Jin Huang

Submitter

Jin Huang

Submitter website
https://github.com/jinhuang1102
Submitter twitter
JinHWhite412Ash
Verified

Yes

WPVDB ID
bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4

Timeline

Publicly Published

2021-04-11 (about 1 years ago)

Added

2021-04-12 (about 1 years ago)

Last Updated

2021-04-14 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin