The National Vulnerability Database (NVD) published an advisory for the ShortPixel Enable Media Replace WordPress plugin, which is used by over 600,000 websites. A high severity vulnerability was discovered that could allow an attacker to upload arbitrary files.

The U.S. National Vulnerability Database (NVD) assigned the vulnerability a CVSS score of 8.8 out of 10, with 10 being the highest severity.

Enable Media Replace Plugin Vulnerability

Ordinarily one cannot upload an image with the same file name to replace an existing image.

The Enable Media Replace plugin by ShortPixel lets users replace an image in place, without having to delete the old image and then upload the updated version under the same file name.

Security researchers discovered that users with the Author role (that is, users with publishing privileges but no administrative access) can upload arbitrary files, including PHP shells, also known as backdoors.

A plugin that accepts uploads (form submissions) should check that the file actually conforms to what is supposed to be uploaded: that the extension is an allowed image type and that the file content matches that type.

But according to the NVD advisory, that check was not happening when users replaced image files, so the replacement file could be of any type.

The National Vulnerability Database published this description:

“The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.”

This type of vulnerability is classified as Unrestricted Upload of File with Dangerous Type (CWE-434).

What that means is that anyone with Author privileges can upload a PHP script, which the web server will then execute when an attacker requests its URL, since there are no restrictions on what can be uploaded.
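The check described above, written out as a stand-alone PHP routine, is an added example; it is not code from the ShortPixel plugin or from WordPress core, and the constant and function names (ALLOWED_IMAGE_TYPES, replacement_rejection_reason) are hypothetical. It shows a replacement-upload validator that looks at both the file name and the file bytes, and runs it against constructed sample uploads, including the plain PHP file the vulnerability let through, a double-extension name, a name/content mismatch, and an image/PHP polyglot:

```php
<?php
// Added example, not code from ShortPixel's plugin or from WordPress core.
// Hypothetical names: ALLOWED_IMAGE_TYPES, replacement_rejection_reason().
declare(strict_types=1);

// Allow-listed image extensions and the magic-byte prefixes their content must start with.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'png'  => ["\x89PNG\r\n\x1A\n"],
    'gif'  => ['GIF87a', 'GIF89a'],
];

/**
 * Return null if $content may be stored under $filename, otherwise the reason it was rejected.
 * A replaced media file keeps the existing item's name, so the name is checked as well as the bytes.
 */
function replacement_rejection_reason(string $filename, string $content): ?string
{
    $base = basename($filename);

    // Exactly one dot: rejects "shell.php.jpg" outright, since some server
    // configurations hand double-extension names to the PHP interpreter.
    if (substr_count($base, '.') !== 1) {
        return "'{$base}' must have exactly one extension";
    }

    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        return "'.{$ext}' is not an allow-listed image extension";
    }

    // The content must carry the signature of the type the extension claims.
    $signatureOk = false;
    foreach (ALLOWED_IMAGE_TYPES[$ext] as $magic) {
        if (strncmp($content, $magic, strlen($magic)) === 0) {
            $signatureOk = true;
            break;
        }
    }
    if (!$signatureOk) {
        return "content does not start with a {$ext} signature";
    }

    // Polyglot guard: a real image header with PHP appended still passes the
    // signature check, so refuse anything carrying a PHP open tag.
    if (stripos($content, '<?php') !== false || strpos($content, '<?=') !== false) {
        return 'content contains a PHP open tag';
    }

    return null;
}

// Constructed sample uploads (inline byte strings, not captured files).
$samples = [
    'logo.jpg'      => "\xFF\xD8\xFF\xE0" . str_repeat("\x00", 16),     // well-formed JPEG prefix
    'shell.php'     => "<?php /* shell body omitted */ ?>",             // what the bug let through
    'shell.php.jpg' => "<?php /* shell body omitted */ ?>",             // double extension
    'logo.png'      => "\xFF\xD8\xFF\xE0",                              // extension/content mismatch
    'poly.jpg'      => "\xFF\xD8\xFF\xE0" . "<?php /* appended */ ?>",  // image/PHP polyglot
];

foreach ($samples as $name => $bytes) {
    $reason = replacement_rejection_reason($name, $bytes);
    printf("%-14s %s\n", $name, $reason === null ? 'ACCEPT' : "REJECT ({$reason})");
}
```

Run with `php example.php`; only `logo.jpg` is accepted. Inside a real plugin the same job is normally delegated to WordPress core's `wp_check_filetype_and_ext()`, which compares the claimed extension against the detected MIME type. The open-tag scan is a heuristic, not a guarantee, so the server should also refuse to execute PHP from the uploads directory at all, which limits the damage even when a validator is bypassed.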

PHP Shell

A PHP shell is a PHP script that, once it sits on a web server, lets whoever requests it run commands on that server remotely: the same kind of access an administrator uses to perform maintenance, run upgrades, manipulate files and use command line programs.

That is a scary amount of access for an attacker to gain, which explains why this vulnerability is rated High, with a score of 8.8.

In an attacker's hands, this kind of access is also called a backdoor.

A GitHub backdoor list describes how this kind of shell is typically planted:

“Hackers usually take advantage of an upload panel designed for uploading images onto sites.

This is usually found once the hacker has logged in as the admin of the site.

Shells can also be uploaded via exploits or remote file inclusion, or a virus on the computer.”

Recommended Action

ShortPixel has issued a patch for the vulnerability. The fix is documented in the official changelog located in the WordPress plugin repository.

Versions of the Enable Media Replace plugin by ShortPixel lower than 4.0.2 are vulnerable.

Plugin users should update to at least version 4.0.2.

Read the official NVD advisory for the vulnerability:

CVE-2023-0255 Detail
