WordPress File Upload < 4.13.0 - Directory Traversal to RCE
Description
The WordPress File Upload plugin is vulnerable to directory traversal. Because the traversal lets an uploaded file (of any extension) be written inside the plugin's /lib directory, it can be escalated to remote code execution (RCE).

More details: https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report

Affects Plugin

Fixed in version 4.13.0

References

CVE 2020-10564
URL https://plugins.trac.wordpress.org/changeset/2258584
URL https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report

Classification

Type TRAVERSAL
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Original Researcher Riccardo Krauter (p4w)
Submitter Riccardo Krauter (p4w)
Submitter Website https://beerpwn.it/
Submitter Twitter https://twitter.com/p4w16
Verified No
WPVDB ID 10132

Timeline

Publicly Published 2020-03-13
Added 2020-03-13
Last Updated 2020-03-14
