WordPress Plugin Vulnerabilities

AAWP < 3.12.3 - Unsafe URL Handling

Description

The plugin can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Proof of Concept

wp-content/aawp/public/image.php?url=[base64-url] will load and download the file from the base64-decoded URL

Affects Plugins

Plugin icon
aawp
Fixed in 3.12.3

References

CVE
CVE-2022-4794

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
feb4580d-df15-45c8-b59e-ad406e4b064c

Timeline

Publicly Published
2023-01-04 (about 1 years ago)
Added
2023-01-04 (about 1 years ago)
Last Updated
2023-01-04 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Published
2018-12-13
Title
WordPress <= 5.0 - Authenticated File Delete
Published
2014-08-01
Title
WordPress <= 2.8.5 - Unrestricted File Upload Arbitrary PHP Code Execution
Published
2023-05-11
Title
Announcement & Notification Banner – Bulletin < 3.7.0 - Subscriber+ Unauthorized Access and Modification
Published
2023-11-28
Title
WP Forms Puzzle Captcha <= 4.1 - Captcha Bypass