WP User Frontend Pro Arbitrary File Upload Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability exists in the WP User Frontend Pro plugin for WordPress, in all versions through 4.1.3. The issue arises from inadequate file type validation in the upload_files() function, allowing authenticated attackers with Subscriber-level access or higher to upload arbitrary files to the server. This vulnerability could potentially lead to remote code execution, especially if the 'Private Message' module is enabled and the Business version of the PRO software is being used.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to execute malicious code on the server, leading to remote code execution.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can upload files through the private messaging feature, taking advantage of the lack of file type validation. After uploading a malicious file, it can be executed on the server, potentially leading to unauthorized actions or access.
Remediation
Users are advised to update the WP User Frontend Pro plugin to version 4.1.4 or a newer patched version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.