SKT Page Builder WordPress Plugin Arbitrary File Upload Vulnerability
Vulnerability
An arbitrary file upload vulnerability has been identified in the SKT Page Builder plugin for WordPress, affecting all versions through 4.6. The issue arises from a missing capability check in the 'addLibraryByArchive' function, which allows authenticated attackers with subscriber-level access and above to upload files. This vulnerability could be exploited to achieve remote code execution.
Impact
Exploitation of this vulnerability could lead to remote code execution on the affected WordPress site.
Reproduction
An authenticated user with subscriber-level access or higher can upload arbitrary files through the SKT Page Builder plugin's library management feature. The 'addLibraryByArchive' function does not properly validate user capabilities, so the upload is accepted from accounts that should not be authorized to perform it.
Remediation
Users are advised to update the SKT Page Builder plugin to version 4.8 or later, where this vulnerability has been patched.
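For developers auditing their own plugins for the same class of bug, the following added example (not the SKT Page Builder source and not its actual patch) shows an archive-upload AJAX handler with the capability check in place. The action name, nonce name, form field, required capability and extension allow-list are all assumptions chosen for illustration.

```php
<?php
// Hypothetical handler for illustration; not code from SKT Page Builder.
// Action name, nonce name, field name, capability and allow-list are assumptions.
const EXAMPLE_ALLOWED_EXT = array( 'json', 'css', 'png', 'jpg', 'jpeg', 'gif' );

add_action( 'wp_ajax_example_add_library_by_archive', 'example_add_library_by_archive' );

function example_add_library_by_archive() {
    // A nonce protects against CSRF only; it is not an authorization check.
    check_ajax_referer( 'example_library_upload', 'nonce' );

    // The kind of check the advisory reports as missing. wp_ajax_* hooks run
    // for every logged-in user, subscribers included, unless the handler refuses.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    $file = isset( $_FILES['archive'] ) ? $_FILES['archive'] : null;
    if ( ! $file || UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_send_json_error( 'No valid upload.', 400 );
    }

    // Defense in depth: inspect every archive entry before writing anything.
    $zip = new ZipArchive();
    if ( true !== $zip->open( $file['tmp_name'] ) ) {
        wp_send_json_error( 'Not a readable ZIP archive.', 400 );
    }
    for ( $i = 0; $i < $zip->numFiles; $i++ ) {
        $name = (string) $zip->getNameIndex( $i );
        if ( '/' === substr( $name, -1 ) ) {
            continue; // Directory entry.
        }
        $ext = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
        // Reject traversal, absolute paths and extensions outside the allow-list.
        if ( false !== strpos( $name, '..' ) || 0 === strpos( $name, '/' ) || ! in_array( $ext, EXAMPLE_ALLOWED_EXT, true ) ) {
            $zip->close();
            wp_send_json_error( 'Archive contains a disallowed entry.', 400 );
        }
    }

    // Extract into a dedicated, unpredictable directory under uploads.
    $uploads = wp_upload_dir();
    $target  = trailingslashit( $uploads['basedir'] ) . 'example-library/' . wp_generate_password( 12, false );
    wp_mkdir_p( $target );
    $zip->extractTo( $target );
    $zip->close();
    wp_send_json_success( 'Library imported.' );
}
```

The `current_user_can()` call addresses the flaw the advisory describes; the entry inspection is an extra layer that limits what an authorized but compromised account could place on disk.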
