Flex QR Code Generator WordPress Plugin Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the Flex QR Code Generator plugin for WordPress, affecting all versions through 1.2.5. The issue arises from inadequate file type validation in the save_qr_code_to_db() function, enabling unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, which may be used to execute malicious code on the server.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'wp_ajax_nopriv_flexqr_save_qr' endpoint with a 'qrData' parameter containing QR code data, and a 'logo' or 'qr_image' file uploaded through the 'Files' parameter. The absence of proper file type validation allows the uploaded files to be saved on the server.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and consider a replacement.