WordPress Image Resizer On The Fly Plugin Unauthenticated Arbitrary File Deletion Vulnerability

Vulnerability

A vulnerability allowing unauthenticated arbitrary file deletion has been identified in the Image Resizer On The Fly plugin for WordPress, affecting all versions through 1.1. The issue arises from inadequate validation of file paths in the 'delete' task, enabling attackers to delete arbitrary files on the server. This vulnerability could lead to remote code execution if critical files, such as wp-config.php, are deleted.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files on the server, potentially leading to remote code execution if a sensitive file is removed.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the 'task' parameter set to 'delete', along with the 'file_name' parameter specifying the path of the file to be deleted. This can be done through a direct HTTP request or by clicking a generated delete link in the WordPress admin area.
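
The 'delete' task handled safely, as an added example that is not the plugin's own code: the handler rejects unauthenticated callers, requires a nonce-bound admin link, and unlinks only a regular image file whose resolved path stays inside the uploads directory. The admin-post action name 'irotf_delete' and all function names are assumptions.

```php
<?php
// Added example, not the plugin's code. Assumed: the task is dispatched through
// admin-post.php under the hypothetical action 'irotf_delete'; images live in uploads.
add_action( 'admin_post_irotf_delete', 'irotf_handle_delete' );

// Builds the admin delete link; the nonce binds it to the handler below.
function irotf_delete_link( $file_name ) {
    $url = add_query_arg(
        array( 'action' => 'irotf_delete', 'file_name' => rawurlencode( $file_name ) ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'irotf_delete_file' );
}

function irotf_handle_delete() {
    // Authorisation first: an unauthenticated or low-privilege caller stops here.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // CSRF check: the request must carry the nonce from irotf_delete_link().
    check_admin_referer( 'irotf_delete_file' );
    $file_name = isset( $_REQUEST['file_name'] ) ? wp_unslash( $_REQUEST['file_name'] ) : '';
    $target    = irotf_resolve_in_uploads( $file_name );
    if ( false === $target ) {
        wp_die( 'Invalid file', '', array( 'response' => 400 ) );
    }
    // wp_delete_file_from_directory() re-checks containment before unlinking.
    if ( ! wp_delete_file_from_directory( $target, wp_upload_dir()['basedir'] ) ) {
        wp_die( 'Delete failed', '', array( 'response' => 500 ) );
    }
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
    exit;
}

// Returns the canonical path of an existing image inside uploads, or false.
function irotf_resolve_in_uploads( $file_name ) {
    if ( '' === $file_name || false !== strpos( $file_name, "\0" ) ) {
        return false;
    }
    $base = realpath( wp_upload_dir()['basedir'] );
    if ( false === $base ) {
        return false;
    }
    // realpath() resolves '..' and symlinks; the prefix test enforces containment.
    $path = realpath( $base . DIRECTORY_SEPARATOR . ltrim( $file_name, '/\\' ) );
    if ( false === $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return false;
    }
    $ext = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
    return is_file( $path ) && in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif', 'webp' ), true ) ? $path : false;
}
```

A request that omits the nonce, comes from a user without upload_files, or names a path that resolves outside the uploads directory never reaches unlink().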

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.4
remediation: 0.0
relevance: 0.2
threat: 4.9
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.