Uploader Plugin for WordPress File Upload Arbitrary Code Execution

high Nessus Plugin ID 64264

Synopsis

The remote web server contains a PHP script that allows for arbitrary file uploads.

Description

The Uploader Plugin for WordPress installed on the remote host is affected by a file upload vulnerability due to a failure to properly verify or sanitize user-uploaded files. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on the remote host, subject to the permissions of the web server user id.

Solution

Unknown at this time.

See Also

http://www.nessus.org/u?d052c6cc

Plugin Details

Severity: High

ID: 64264

File Name: wordpress_uploader_arbitrary_upload.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 1/28/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 12/28/2012

Reference Information

BID: 57112