Arbitrary File Upload in WP Plugin User Submitted Posts (ver<=20190426)
Updated on: February 19, 2024
Aakanchha Keshri
2 mins read
Article Summary
A fresh vulnerability disclosure in the series of WordPress plugins has come to notice. The WordPress plugin User Submitted Posts lets users upload posts and images from its front end feature. This WordPress plugin user submitted posts plugin currently has more than 30,000 installations. It was quite popular at the time a serious arbitrary file upload vulnerability was found in it. Learn more about the details of User Submitted Posts Exploit in this article.
A fresh vulnerability disclosure in the series of WordPress plugins has come to notice. The WordPress plugin User Submitted Posts lets users upload posts and images from its front end feature. This WordPress plugin user-submitted posts plugin currently has more than 30,000 installations. It was quite popular at the time a serious arbitrary file upload vulnerability was found in it. Learn more about the details of User Submitted Posts Exploit in this article.
Is your website hacked? Drop us a message here or chat with us now and, we’ll be happy to help you?
Technical Details: User Submitted Posts Exploit
Versions prior to & equal to 20190426 are vulnerable to arbitrary file upload. It allows any unauthenticated user on an apache server with PHP FastCGI to upload and run a PHP script in its ‘image upload’ feature which was supposed to allow image files only. It turns out, that if non-blacklisted extensions are in conjunction with the whitelisted ones, the validation system of this plugin was tricked. To be more clear, if you could camouflage the .php extension with .jpg, it does not get sanitized and gets validated. Here is an example of this, script.php.gif. Since the .php extension is disguised as an image file it will get through the security check and will be executed eventually. This could result in any malicious file reaching your databases or harm the privacy of sensitive information on your website. Is your website hacked? Drop us a message here or chat with us now and, we’ll be happy to help you?
Preventive measures: User Submitted Posts Exploit
The vulnerability was fixed in versions succeeding 20190426. Update to the patched version as soon as possible. Since, the vulnerability is now been disclosed publicly, using an older version can prove to be detrimental. To have an added assurance of security to your website, install a web application firewall on your website. Astra Web Security offers a continuous monitoring system as its WAF (Web Application Firewall), which protects your website from Arbitrary File Upload, SQLi, XSS, CSRF, bad bots, and 100+ other cyber threats.
Aakanchha Keshri
