The plugin allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
1. Navigate to the page where [ffmwp] shortcode is included as Subscriber 2. Upload the malicious PHP file as PDF file (e.g., exploit.pdf) 3. View the file and rename it from exploit.pdf to exploit.php The file will be accessible via https://example.com/wp-content/uploads/user_uploads/<username>/exploit.php
UPLOAD
Raad Haddad of Cloudyrion GmbH
Raad Haddad of Cloudyrion GmbH
Yes
2022-09-07 (about 1 years ago)
2022-09-07 (about 1 years ago)
2022-09-07 (about 1 years ago)