WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability exists in the AIT CSV Import/Export plugin for WordPress, in versions through 3.0.3, allowing arbitrary file uploads. The issue arises from inadequate file type validation in the upload handler, located in the admin directory of the plugin. This flaw enables unauthorized attackers to upload arbitrary files to the server, potentially leading to remote code execution.
Impact
Exploitation lets an attacker upload arbitrary files, including malicious PHP code that can then be executed on the server, potentially leading to a full compromise of the affected site.
Reproduction
The vulnerability can be reproduced by sending a POST request to the 'upload-handler.php' file within the 'ait-csv-import-export' plugin directory. This request must include a file payload disguised as a CSV file. Once uploaded, the file is accessible via the 'wp-content/uploads' directory, where it can be executed if it contains executable code.
Remediation
Users are advised to update the AIT CSV Import/Export plugin to version 3.0.4 or later.
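To check whether a site was targeted before it was updated, the request sequence described under Reproduction can be searched for in the web server's access logs. The following is an added example, not code from the plugin or from this advisory; it assumes Combined Log Format, and the sample log lines, IP addresses, file names and list of script extensions are constructed.

```python
import re

# Combined Log Format is assumed: ip - user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Loose match: the advisory names the plugin directory and the file, not the full path.
HANDLER_RE = re.compile(r'/ait-csv-import-export/[^?\s]*upload-handler\.php', re.I)
# Script-like files requested from the uploads tree (extension list is an assumption).
UPLOADED_SCRIPT_RE = re.compile(
    r'/wp-content/uploads/[^?\s]*\.(?:php\d?|phtml|phar)(?:[/?]|$)', re.I)

def find_upload_abuse(lines):
    """Return findings as (kind, ip, time, path) tuples, in log order."""
    findings, accepted = [], False  # accepted: a handler POST returned 2xx earlier
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path, status = m["path"], int(m["status"])
        if m["method"] == "POST" and HANDLER_RE.search(path):
            ok = 200 <= status < 300
            accepted = accepted or ok
            kind = "handler_post_accepted" if ok else "handler_post_rejected"
            findings.append((kind, m["ip"], m["time"], path))
        elif UPLOADED_SCRIPT_RE.search(path):
            # A script served from uploads is suspicious on its own; after an
            # accepted handler POST it matches the sequence in the advisory.
            kind = "script_in_uploads_after_post" if accepted else "script_in_uploads"
            findings.append((kind, m["ip"], m["time"], path))
    return findings

# Constructed sample lines (documentation IP ranges, made-up paths and file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/uploads/2024/03/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:10:02:10 +0000] "POST /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php HTTP/1.1" 200 31 "-" "curl/8.0"',
    '203.0.113.9 - - [12/Mar/2024:10:02:15 +0000] "GET /wp-content/uploads/items.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '192.0.2.44 - - [12/Mar/2024:11:30:00 +0000] "POST /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php HTTP/1.1" 403 150 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Any `script_in_uploads_after_post` finding warrants inspecting the named file on disk and treating the site as potentially compromised, since updating the plugin does not remove files that were already uploaded.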
