WordPress Omni Secure Files Plugin Unauthenticated Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability exists in the Omni Secure Files plugin for WordPress, specifically in versions through 0.1.13. The issue arises from the 'upload.php' file in the 'plupload/examples' directory, which allows unauthenticated users to upload arbitrary files without proper validation of file types. This flaw can be exploited to upload malicious PHP scripts, potentially leading to remote code execution if the uploaded file is executed on the server.

Impact

Successful exploitation allows for arbitrary file uploads, which can be used to execute malicious scripts on the server, potentially leading to unauthorized access or privilege escalation.

Reproduction

To exploit this vulnerability, upload a file through the vulnerable 'upload.php' endpoint using a POST request. The request must include the file parameter with the name of the file to be uploaded, and the name parameter with the desired name of the uploaded file. Once uploaded, the file can be accessed from the 'uploads' directory of the Omni Secure Files plugin.
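For defenders, the request pattern described above can be searched for in web server access logs. The following is an added example, not code from the advisory or the plugin: it flags POST requests to the 'plupload/examples/upload.php' endpoint and later requests for script files under an 'uploads' directory beneath the same path. It assumes Combined Log Format; the function name, the sample lines and the plugin directory name in them are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
UPLOAD_SUFFIX = "/plupload/examples/upload.php"  # endpoint named in the advisory
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")

# Constructed sample lines; the plugin directory name is an assumption.
P = "/wp-content/plugins/omni-secure-files/plupload/examples"
SAMPLE = [
    f'203.0.113.7 - - [16/Jan/2026:20:01:11 +0000] "POST {P}/upload.php HTTP/1.1" 200 61',
    f'203.0.113.7 - - [16/Jan/2026:20:01:15 +0000] "GET {P}/uploads/a1.php?x=1 HTTP/1.1" 200 12',
    f'198.51.100.9 - - [16/Jan/2026:20:02:00 +0000] "GET {P}/uploads/report.pdf HTTP/1.1" 200 5120',
    '198.51.100.9 - - [16/Jan/2026:20:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000',
]

def scan(lines):
    """Flag POSTs to the upload endpoint and script requests under 'uploads'."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            # Drop the query string, decode %xx, lower-case for matching.
            path = unquote(m["path"].split("?", 1)[0]).lower()
            records.append((m["ip"], m["ts"], m["method"], path, m["status"]))
    # Pass 1: every directory prefix under which the endpoint received a POST.
    bases = {p[: -len(UPLOAD_SUFFIX)] for _, _, meth, p, _ in records
             if meth == "POST" and p.endswith(UPLOAD_SUFFIX)}
    # Pass 2: report the POSTs and any script fetched from 'uploads' below them.
    findings = []
    for ip, ts, meth, path, status in records:
        if meth == "POST" and path.endswith(UPLOAD_SUFFIX):
            findings.append(("upload_post", ip, ts, path, status))
        elif ("/uploads/" in path and SCRIPT_EXT.search(path)
              and any(path.startswith(b + "/") for b in bases)):
            findings.append(("script_in_uploads", ip, ts, path, status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="  ")
```

Script requests are only reported when a POST to the endpoint appears in the same set of lines, so feed it rotated logs together rather than one file at a time.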

Remediation

Users are advised to update the Omni Secure Files plugin to version 0.1.14 or later.

Added: Jan 16, 2026, 8:32 PM
Updated: Jan 16, 2026, 10:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.