24 Nov 2021

Closed WordPress Plugin With 90,000+ Installs Contains Authenticated Arbitrary File Deletion Vulnerability

Today, the WordPress plugin Advanced Contact form 7 DB (Advanced CF7 DB) was closed on the WordPress Plugin Directory. Because it is one of the 1,000 most popular plugins in that directory (it has 90,000+ installs), our systems warned us about the closure and we started checking over the plugin to see if there was a vulnerability we should warn customers of our service about if they are using the plugin. What we found was that it contains a vulnerability that allows anyone logged in to WordPress to delete arbitrary files from the website.

We tested and confirmed that our new firewall plugin for WordPress protected against the proof of concept below, even before we discovered the vulnerability, as part of its protection against zero-day vulnerabilities.

20 Oct 2021

Authenticated Arbitrary File Deletion Vulnerability in Smart Grid-Layout Design for Contact Form 7

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught a less serious variant of one of those vulnerabilities, an authenticated arbitrary file deletion vulnerability, in the plugin Smart Grid-Layout Design for Contact Form 7 (CF7 Smart Grid Design Extension).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool.

5 Oct 2021

The MStore API WordPress Plugin Also Contains an Authenticated Arbitrary File Deletion Vulnerability

Earlier today an unfixed arbitrary file upload vulnerability in the WordPress plugin MStore API was disclosed through the release of exploit code for it. While the information provided with the exploit code claims the vulnerability impacts 2.0.6 and “possibly higher”, the vulnerability actually didn’t exist in that version, but does exist in the latest version of the plugin (information on which versions of the plugin are impacted is included in the data provided by our service). Earlier today the developer made a change that looks like it was an attempt to fix this, while not raising the version number of the plugin, so anyone already using the latest version of the plugin wouldn’t be provided with the attempted fix. That doesn’t matter much, as the change doesn’t fix the issue, it just makes exploiting it a bit more complicated.

As of posting this, the plugin remains in the WordPress Plugin Directory despite the plugin having a publicly known vulnerability that is of a type hackers are very likely to exploit.

30 Aug 2019

Our Proactive Monitoring Caught an Authenticated Arbitrary File Deletion Vulnerability Being Introduced Into Ovic Addon Toolkit

One of the ways we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught an authenticated arbitrary file deletion vulnerability being introduced into the plugin Ovic Addon Toolkit, which can also be exploited through cross-site request forgery (CSRF).

The possibility of this vulnerability is also flagged by our Plugin Security Checker, so you can check plugins you use to see if they might have similar issues with that tool.

1 Feb 2019

Full Disclosure of Authenticated Arbitrary File Deletion Vulnerability in WordPress Plugin with 300,000+ Installs

Yesterday we fully disclosed an authenticated arbitrary file upload vulnerability in the WordPress plugin Meta Box, which has 300,000+ installs, that we had spotted as it was introduced into the plugin. Subsequent to that, the plugin was closed on the Plugin Directory and that got flagged as part of our monitoring for the closure of any of the 1,000 most popular WordPress plugins (it has been a busy week for that, as six of them have been removed). When those plugins get closed we do a few quick security checks over the plugins to see if there might be any obvious security issue in them, which we should be warning our customers about, even if that didn’t lead to the closure. In this case we knew why the plugin was closed, but we did those checks anyway, which led to us finding the plugin also contains an authenticated arbitrary file deletion vulnerability. That vulnerability looks like it was connected to the change that also introduced the authenticated arbitrary file upload vulnerability.

Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are fully disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, so we are releasing this post and then only trying to notify the developer through the WordPress Support Forum. You can notify the developer of this issue on the forum as well. Hopefully the moderators will finally see the light and clean up their act soon, so these full disclosures will no longer be needed (we hope they end soon). You would think they would have already done that since a previously fully disclosed vulnerability was quickly on hackers’ radar, but it appears those moderators have such disdain for the rest of the WordPress community that their continued ability to act inappropriately is more important than what is best for the rest of the community.

16 Apr 2018

Vulnerability Details: Authenticated Arbitrary File Deletion Vulnerability in Woo Import Export

From time to time a vulnerability in a plugin is disclosed without the discoverer putting out a complete report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

13 Feb 2018

Vulnerability Details: Authenticated Arbitrary File Deletion Vulnerability in Woocommerce CSV Import

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

23 Oct 2017

Authenticated Arbitrary File Deletion Vulnerability in Awesome Support

As we mentioned in more detail in the previous post discussing the other vulnerability we found in the plugin Awesome Support, after seeing them give some bad advice on deciding which plugin to use from a security perspective, we took a look at their plugin and in seconds found that it wasn’t secure.

The plugin allows anyone to create a WordPress account, which increases security risk because many plugins do not properly restrict access to functionality in them to only certain logged-in users, this plugin being one of them.

2 Jan 2017

Vulnerability Details: Authenticated Arbitrary File Deletion Vulnerability in BuddyPress

From time to time vulnerabilities are fixed in a plugin without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.