WordPress Plugin Vulnerabilities

Augmented Reality <= 1.2.0 - Unauthenticated PHP File Upload leading to RCE

Description

The elFinder connector used allows upload of PHP files as the 'uploadAllow' options contains 'text/x-php'. This allows an unauthenticated user to upload PHP files, leading to a RCE vulnerability.

The issue is similar to https://wpscan.com/vulnerability/10389

Proof of Concept

Affects Plugins

Plugin icon
augmented-reality
No known fix

References

URL
https://plugins.svn.wordpress.org/augmented-reality/trunk/vendor/elfinder/php/connector.minimal.php

Miscellaneous

Original Researcher
Robert Wiggins
Verified
Yes
WPVDB ID
f2df1826-a510-4d0b-95d8-a70b968d11ef

Timeline

Publicly Published
2020-11-05 (about 5 years ago)
Added
2020-11-05 (about 5 years ago)
Last Updated
2021-03-23 (about 5 years ago)

Other

Published
Title
Published
2024-08-05
Title
Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
Published
2025-09-03
Title
Wastia < 1.1.3 - Unauthenticated Arbitrary File Upload
Published
2024-09-09
Title
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress < 6.5.6 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-10-31
Title
GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
Published
2014-08-01
Title
Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution