WordPress RESTful Content Syndication Plugin Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the RESTful Content Syndication plugin for WordPress, affecting versions 1.1.0 through 1.5.0. The issue arises from inadequate file type validation in the ingest_image() function, enabling authenticated attackers with Author-level access or higher to upload arbitrary files to the server. This vulnerability could potentially lead to remote code execution, particularly if the uploaded file is executed as a script. Exploitation requires access to a specified third-party server, making it less likely to be targeted by users with only Contributor-level access.

Impact

The vulnerability allows authenticated users with Author-level access and above to upload arbitrary files, which could be executed on the server, leading to remote code execution.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can upload files through the RESTful Content Syndication plugin's image ingestion feature. The plugin must be configured to send data to a third-party server that the user controls.

Remediation

Users are advised to update the RESTful Content Syndication plugin to version 1.6.0 or later.