Themefic BEAF WordPress Plugin Arbitrary File Upload Vulnerability
Vulnerability
A vulnerability allowing unrestricted file uploads has been identified in the Themefic BEAF WordPress plugin, affecting versions through 4.6.10. This flaw allows users with administrative privileges to upload arbitrary files, including web shells, which could be executed on the server.
Impact
Exploitation of this vulnerability could lead to unauthorized file uploads, including execution of uploaded web shells on the server.
Reproduction
To reproduce this vulnerability, log into the WordPress admin panel and navigate to 'Before and After Slider -> Settings'. Intercept the POST request using a tool like Burp Suite. Append the file data to the request, ensuring the correct form boundaries are used, and upload a file named 'shell.php' containing PHP code for executing commands. After uploading, the web shell can be accessed and executed via the WordPress uploads directory.
Remediation
Users are advised to update the BEAF WordPress plugin to version 4.6.11 or later.
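Updating removes the upload flaw but does not remove anything already written to the uploads directory. The following hunt script is an added example, not part of the original advisory and not the plugin's code: it walks a WordPress uploads directory and flags files the web server would hand to the PHP interpreter, files that carry a PHP open tag under a media extension, and any .htaccess dropped into uploads. The sample directory it builds is constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Extensions a typical Apache/PHP-FPM setup executes as PHP.
PHP_EXTENSIONS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".phps"}

# A PHP open tag anywhere in the body catches "shell.php" renamed to
# "logo.jpg" or prefixed with a fake image header.
PHP_TAG = re.compile(rb"<\?(php|=)")


def scan_uploads(uploads_dir, max_bytes=1_000_000):
    """Return (relative_posix_path, reason) pairs for suspicious files under uploads_dir."""
    root = Path(uploads_dir)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in PHP_EXTENSIONS:
            findings.append((rel, "php-extension"))
        elif path.name == ".htaccess":
            # WordPress does not ship one here; it may re-enable PHP execution.
            findings.append((rel, "htaccess-in-uploads"))
        else:
            with path.open("rb") as fh:
                body = fh.read(max_bytes)  # bounded read keeps large media cheap
            if PHP_TAG.search(body):
                findings.append((rel, "php-tag-in-body"))
    return findings


def build_sample_tree(base):
    """Constructed sample: a benign PNG, an inert 'shell.php' marker, a disguised JPEG."""
    month = Path(base) / "2024" / "05"
    month.mkdir(parents=True, exist_ok=True)
    (month / "photo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
    (month / "shell.php").write_bytes(b"<?php // constructed marker, no payload ?>")
    (month / "logo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"<?php // hidden tag ?>")
    return month


def run_demo():
    """Build the sample tree in a temp dir and return what the scan reports."""
    base = tempfile.mkdtemp(prefix="wp-uploads-")
    build_sample_tree(base)
    return scan_uploads(base)


if __name__ == "__main__":
    for rel, reason in run_demo():
        print(f"{reason:20} {rel}")
```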
