Baidu SEO Plugin for WordPress Unauthenticated Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the Baidu SEO Plugin for WordPress, affecting all versions through 2.0.6. The issue arises from inadequate file type validation in the 'download_remote_image_to_media_library' function. This vulnerability enables unauthenticated attackers to upload arbitrary files to the affected site's server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, with the potential for remote code execution on the affected server.

Reproduction

The vulnerability can be reproduced by sending a request to the 'download_remote_image_to_media_library' function with an image URL that points to a file type not typically allowed by WordPress. The absence of proper file type validation in this function will permit the upload of the file to the WordPress media library.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.