NewsBlogger WordPress Theme Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the NewsBlogger theme for WordPress, affecting all versions through 0.2.5.1. The issue arises from a missing capability check in the newsblogger_install_and_activate_plugin() function, which allows authenticated attackers with subscriber-level access or higher to upload arbitrary files to the server. This could potentially lead to remote code execution.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, which may be used to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access or higher triggers the newsblogger_install_and_activate_plugin() function by sending a request to the WordPress admin-ajax.php file with the appropriate plugin slug and URL. Because the function performs no capability check, the request is accepted regardless of the user's role. The uploaded files can then be executed if the server allows it.

Remediation

Users are advised to update the NewsBlogger theme to version 0.2.5.2 or a newer patched version.
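
For theme and plugin developers reviewing similar AJAX handlers, the following added example (not the NewsBlogger theme's code and not its actual patch) shows the class of check whose absence is described above. The function name, AJAX action, nonce action and allowlisted slug are hypothetical, and resolving the package from a slug instead of a request-supplied URL is a general hardening assumption.

```php
<?php
// Added illustration, not the NewsBlogger theme's code. The function name,
// AJAX action, nonce action and allowlisted slug are hypothetical.
add_action( 'wp_ajax_example_install_plugin', 'example_install_and_activate_plugin' );

function example_install_and_activate_plugin() {
    // 1. CSRF protection: terminates the request if the nonce is missing or invalid.
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // 2. Authorization: wp_ajax_* hooks fire for ANY logged-in user, subscribers
    //    included, so the handler has to check capabilities itself.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Accept only a slug from an allowlist; never a download URL from the request.
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    $allowed = array( 'example-companion-plugin' ); // hypothetical allowlist
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    // 4. Resolve the package location from WordPress.org, not from user input.
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( true !== $result ) {
        wp_send_json_error( array( 'message' => 'Install failed.' ), 500 );
    }

    // 5. Activate the plugin that was just installed.
    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
    }
    wp_send_json_success();
}
```

A handler that omits step 2 is reachable by every authenticated role, which is the condition this advisory describes.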

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.