WordPress N-Media Website Contact Form With File Upload Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the WordPress N-Media Website Contact Form With File Upload plugin, specifically in versions through 1.3.4. The issue arises from inadequate file type validation in the 'upload_file()' function, enabling unauthenticated attackers to upload arbitrary files to the affected site's server. This vulnerability could potentially lead to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files that execute code on the server, such as web shells.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'wp-admin/admin-ajax.php' with the 'action' parameter set to 'upload', the 'Filedata' parameter containing the file to be uploaded (such as a PHP backdoor), and the 'nm_webcontact_upload_file' action specified. The response will confirm the upload, and the uploaded file can be accessed from the 'wp-content/uploads/contact_files/' directory.

Remediation

Users are advised to update the plugin to version 1.4 or later.