28 Feb 2022

Recently Closed WordPress Plugin with 50,000+ Installs Contains CSRF/Restricted File Upload Vulnerability

A week ago, the WordPress plugin Nimble Page Builder was closed on the WordPress Plugin Directory. Because it is one of the 1,000 most popular plugins in that directory (it has 50,000+ installs), our systems warned us about the closure, and we started checking over the plugin to see whether it contained a vulnerability that we should warn customers of our service about if they are using the plugin. What we found is that it contains a cross-site request forgery (CSRF) vulnerability that can be used to upload some types of files.

In the file /inc/sektions/ccat-czr-sektions.php, the plugin makes the function sek_ajax_import_attachment() accessible to those logged in to WordPress:
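As an added illustration (hypothetical code, not taken from the plugin or from this post), here is an upload handler exposed to logged-in users through WordPress's wp_ajax_ hook, with the nonce and capability checks that keep a forged cross-site request from reaching the upload. The action name, nonce name, form field name and function name are all assumptions.

```php
<?php
// Hypothetical plugin code: every "example_" name is an assumption made for
// this illustration and does not come from Nimble Page Builder.

// wp_ajax_{action} exposes the handler to any logged-in user, whatever their role.
add_action( 'wp_ajax_example_import_attachment', 'example_ajax_import_attachment' );

function example_ajax_import_attachment() {
    // 1. CSRF check: the request must carry a nonce created for this action in
    //    the current user's session. A page on another site cannot read that
    //    value, so a request forged from it fails here. Passing false as the
    //    third argument makes the function return false instead of dying.
    if ( ! check_ajax_referer( 'example_import_attachment', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization: a valid nonce shows intent, not privilege.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed to upload files.' ), 403 );
    }

    if ( empty( $_FILES['file'] ) ) {
        wp_send_json_error( array( 'message' => 'No file supplied.' ), 400 );
    }

    // 3. Let core validate the upload against an explicit allowlist of types.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form' => false, // not a core form post; the nonce was checked above
            'mimes'     => array(
                'jpg|jpeg' => 'image/jpeg',
                'png'      => 'image/png',
            ),
        )
    );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// The admin page that triggers the request would pass the nonce to its script,
// for example with wp_create_nonce( 'example_import_attachment' ).
```

wp_send_json_error() ends the request after sending its response, so each failed check stops the handler before the upload code runs.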