Newscrunch WordPress Theme Arbitrary File Upload Vulnerability
Vulnerability
An arbitrary file upload vulnerability has been identified in the Newscrunch theme for WordPress, affecting all versions through 1.8.4.1. The issue arises from a missing capability check in the 'newscrunch_install_and_activate_plugin' function, which allows authenticated users with Subscriber-level access and above to upload arbitrary files to the server. This vulnerability could be exploited for remote code execution.
Impact
Exploitation of this vulnerability could lead to unauthorized file uploads, with the potential for remote code execution on the affected server.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can use the WordPress admin interface to trigger the 'newscrunch_install_and_activate_plugin' function by sending a request that includes the plugin URL and slug. The function handles the request without performing the necessary authorization checks. The uploaded files will be placed on the server, where they can be accessed and executed remotely.
Remediation
Users are advised to update the Newscrunch theme to version 1.8.4.1 or later.
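For developers auditing similar install helpers in their own themes, the general shape of a fix for a missing capability check is shown below. This is an added example, not the Newscrunch theme's code or its actual patch; it assumes the function is registered as a wp_ajax_ handler, and the action name, nonce name and allowlisted slug are hypothetical. It covers the install step only.

```php
<?php
// Added example. Handler and action names are hypothetical, not the theme's.
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin' );
// Deliberately no wp_ajax_nopriv_ hook: unauthenticated visitors are excluded.

function example_install_plugin() {
    // 1. CSRF: the nonce must match the one printed into the admin page.
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // 2. Authorization: being logged in is not enough, because wp_ajax_*
    //    hooks fire for every authenticated role, Subscriber included.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input: accept only a slug from a fixed allowlist, never a URL.
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    $allowed = array( 'example-companion-plugin' ); // constructed placeholder
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    // 4. Source: resolve the package through the WordPress.org plugin API so
    //    the download location is never taken from the request.
    $info = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $info ) ) {
        wp_send_json_error( array( 'message' => $info->get_error_message() ), 502 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $info->download_link );
    if ( true !== $result ) {
        wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
    }

    wp_send_json_success( array( 'slug' => $slug ) );
}
```

A handler that also activates the plugin should additionally require the activate_plugins capability before calling activate_plugin().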
