WordPress Plugin Vulnerabilities

College Publisher Import <= 0.1 - Arbitrary File Upload to RCE

Description

The plugin does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.

The issue has been escalated to WordPress on April 12th, 2021

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

Plugin icon
college-publisher-import
No known fix

References

CVE
CVE-2021-24254
URL
https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md

Miscellaneous

Original Researcher
Jin Huang
Submitter
Jin Huang
Submitter website
https://github.com/jinhuang1102
Submitter twitter
JinHWhite412Ash
Verified
Yes
WPVDB ID
bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4

Timeline

Publicly Published
2021-04-11 (about 3 years ago)
Added
2021-04-12 (about 3 years ago)
Last Updated
2021-04-14 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
User Meta Version 1.1.1 - Arbitrary File Upload
Published
2014-08-01
Title
powerzoomer - Arbitrary File Upload
Published
2015-04-22
Title
Ultimate Product Catalogue <= 3.1.1 - Unauthenticated File Upload
Published
2023-11-20
Title
WP Child Theme Generator <= 1.1.0 - Admin+ Arbitrary File Upload
Published
2024-01-10
Title
Order Export & Order Import for WooCommerce < 2.4.4 - Shop Manager+ Arbitrary File Upload