WP Zone Inline Image Upload for BBPress
cpe:2.3:a:wpzone:inline_image_upload_for_bbpress:*:*:*:*:wordpress:*:*
- <= 1.1.19
A vulnerability allowing arbitrary file uploads has been identified in the Inline Image Upload for BBPress plugin for WordPress, affecting all versions through 1.1.19. The issue arises from inadequate validation of file extensions in the upload process. This vulnerability enables authenticated attackers with Subscriber-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution. Additionally, if the 'Allow guest users without accounts to create topics and replies' setting is activated, unauthenticated attackers could exploit this vulnerability.
Successful exploitation allows arbitrary file upload; whether that escalates to remote code execution depends on the nature of the uploaded files and on whether the server will execute them.
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can upload files through the image upload feature in BBPress forum topics or replies. If the 'Allow guest users without accounts to create topics and replies' setting is enabled, this vulnerability can be exploited by unauthenticated users as well.
Users are advised to update the Inline Image Upload for BBPress plugin to version 1.1.20 or a newer patched version.
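The root cause named above is weak extension validation in an upload handler. The following is an added illustration, not code from the plugin or from WordPress, written in Python so it runs stand-alone: a hypothetical weak check that looks for an allowed extension anywhere in the name, beside a hardened validator that accepts only an allowlisted final extension, confirms the bytes match that image type, caps the size, and stores the file under a server-chosen name. The allowlist, size cap and sample inputs are constructed for the example. In a WordPress plugin the equivalent server-side check is `wp_check_filetype_and_ext()`, combined with a capability check on the uploading user.

```python
import os
import re
import secrets
from dataclasses import dataclass

# Allowlist of image extensions and the magic bytes each must start with.
# Constructed for this example; a real deployment lists only the formats
# the forum actually needs.
ALLOWED_IMAGE_TYPES = {
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "gif":  (b"GIF87a", b"GIF89a"),
}

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # hypothetical size cap for the example


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    safe_name: str = ""  # server-chosen name to store under, if accepted


def weak_extension_check(filename: str) -> bool:
    """Anti-pattern (hypothetical, not the plugin's code): accept the upload
    if an allowed extension appears *anywhere* in the name.  A name such as
    'notes.jpg.php' passes, yet its final extension is what the web server
    uses to decide how to serve the file."""
    lower = filename.lower()
    return any(ext in lower for ext in ALLOWED_IMAGE_TYPES)


def validate_image_upload(filename: str, content: bytes) -> UploadDecision:
    """Hardened check: allowlisted *final* extension, matching magic bytes,
    size cap, and a server-generated file name so the client-supplied name
    never reaches the filesystem."""
    if len(content) == 0:
        return UploadDecision(False, "empty file")
    if len(content) > MAX_UPLOAD_BYTES:
        return UploadDecision(False, "file too large")

    # Drop any directory component and refuse control characters / NUL,
    # which some stacks would use to truncate the name.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or re.search(r"[\x00-\x1f\x7f]", base):
        return UploadDecision(False, "invalid file name")

    # Only the last extension counts, and it must be on the allowlist.
    root, dot, ext = base.rpartition(".")
    if not dot or not root:
        return UploadDecision(False, "missing extension")
    ext = ext.lower()
    if ext not in ALLOWED_IMAGE_TYPES:
        return UploadDecision(False, f"extension '{ext}' not allowed")

    # The bytes must actually be the image type the extension claims.
    if not any(content.startswith(magic) for magic in ALLOWED_IMAGE_TYPES[ext]):
        return UploadDecision(False, f"content does not match a {ext} image")

    # Never store under the user-supplied name; pick one server-side.
    safe_name = f"{secrets.token_hex(16)}.{ext}"
    return UploadDecision(True, "ok", safe_name)


# Constructed sample bodies (not real files): a PNG header, and a
# non-image body used only to show that it is rejected.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_NON_IMAGE = b"<?php /* constructed non-image content */ ?>"

if __name__ == "__main__":
    for name, body in [
        ("photo.PNG", SAMPLE_PNG),
        ("notes.jpg.php", SAMPLE_PNG),
        ("cover.php.jpg", SAMPLE_NON_IMAGE),
        ("../../evil.png", SAMPLE_PNG),
    ]:
        d = validate_image_upload(name, body)
        print(f"{name!r}: weak={weak_extension_check(name)} "
              f"hardened={d.accepted} ({d.reason})")
```

The design point is that no single check carries the decision: the extension allowlist stops executable types, the magic-byte check stops image-named files that are not images, and the server-generated name makes path components and double extensions in the client's name irrelevant to what lands on disk.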