27 Oct

Restricted File Upload Vulnerability in Social Articles

Back in June and July we ran into an odd situation where a vulnerability was supposed to have been fixed in the plugin WP Job Manager, but what was supposed to be the issue was still possible with the plugin. That supposed issue involved some form of abuse of the plugin’s image upload capability. The change made simply restricted uploading images through WordPress’ AJAX functionality when not logged in to WordPress, yet by default those without WordPress accounts on the website can still upload image files. The developer’s explanation for the action they took doesn’t really make sense, but it did provide an indication that people with bad intentions will abuse the ability to upload image files. That capability could also be used in conjunction with a local file inclusion (LFI) vulnerability, so making sure that those who are not intended to upload image files can’t upload them is a good idea.
