Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download
Description
The Cherry Plugin WordPress plugin was affected by an unauthenticated arbitrary file upload and download vulnerability, allowing unauthenticated attackers to upload and download arbitrary files. This could result in an attacker uploading backdoor shell scripts or downloading the wp-config.php file.
Proof of Concept
The following file was affected:

http://www.example.com/wp-content/plugins/cherry-plugin/admin/import-export/upload.php
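Because the vulnerable endpoint is a single, fixed path, the most useful defensive step besides updating to 1.2.7 is to check web server access logs for any request that reached it. The following is an added detection example written for this page; it is not code from the advisory or from the plugin's authors. It assumes Apache/nginx "combined" log format and treats a POST to the path as an upload attempt and a GET with a query string as a download attempt; the advisory does not name the request parameters, so that split is a heuristic assumption, and the log lines below are constructed sample data.

```python
import re
from typing import Dict, List, Optional

# Affected endpoint as listed on the advisory page (Cherry Plugin < 1.2.7).
AFFECTED_PATH = "/wp-content/plugins/cherry-plugin/admin/import-export/upload.php"

# Apache/nginx "combined" format:
#   ip - user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[Dict]:
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    path, _, query = entry["target"].partition("?")
    entry["path"] = path
    entry["query"] = query
    entry["status"] = int(entry["status"])
    return entry


def classify(entry: Optional[Dict]) -> Optional[str]:
    """Label a parsed entry that touched the vulnerable endpoint, or None if unrelated.

    Heuristic (assumption, the advisory names no parameters): POST = upload attempt,
    GET with a query string = download attempt, anything else = probe.
    """
    if entry is None or entry["path"] != AFFECTED_PATH:
        return None
    if entry["method"] == "POST":
        return "upload-attempt"
    if entry["method"] == "GET" and entry["query"]:
        return "download-attempt"
    return "probe"


def scan_log(lines: List[str]) -> List[Dict]:
    """Return one alert per request that reached the affected endpoint.

    A 200 status on a POST means the server accepted the request; a 403/404 means
    it was blocked or the plugin is gone, which is still worth recording as a probe.
    """
    alerts = []
    for line in lines:
        entry = parse_line(line)
        label = classify(entry)
        if label:
            alerts.append({
                "ip": entry["ip"],
                "time": entry["time"],
                "method": entry["method"],
                "status": entry["status"],
                "label": label,
            })
    return alerts


# Constructed sample log lines (not real traffic); 203.0.113.0/24 is documentation space.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jun/2016:10:14:58 +0000] "GET /index.php HTTP/1.1" 200 8312 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [22/Jun/2016:10:15:01 +0000] "POST /wp-content/plugins/cherry-plugin/admin/import-export/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [22/Jun/2016:10:15:04 +0000] "GET /wp-content/plugins/cherry-plugin/admin/import-export/upload.php?q=example HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [22/Jun/2016:11:02:40 +0000] "GET /wp-content/plugins/cherry-plugin/admin/import-export/upload.php HTTP/1.1" 404 0 "-" "curl/7.47.0"',
    '203.0.113.30 - - [22/Jun/2016:11:05:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["time"]} {alert["ip"]} {alert["method"]} {alert["status"]} {alert["label"]}')
```

Run against real logs by replacing `SAMPLE_LOG` with the file's lines; any `upload-attempt` with status 200 on a site that ran a version below 1.2.7 warrants checking the upload directory for unexpected PHP files and rotating the credentials in wp-config.php.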

Affects Plugin

Fixed in version 1.2.7

References

URL https://support.alertlogic.com/hc/en-us/articles/115003048083-06-19-17-WordPress-CMS-Cherry-Plugin-Arbitrary-File-Upload-RCE
URL https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-cherry-multiple-vulnerabilities-1-2-6/
URL https://github.com/CherryFramework/cherry-plugin/issues/6

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter Ryan
Views 1270
Verified No
WPVDB ID 10081

Timeline

Publicly Published 2016-06-22
Added 2020-02-20
Last Updated 2020-02-21
