Nginx Cache Purge Preload WordPress Plugin Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability exists in the Nginx Cache Purge Preload plugin for WordPress, affecting all versions up to and including 2.1.1. The vulnerability arises from inadequate sanitization of the 'HTTP_REFERER' parameter, which is passed from the 'nppp_handle_fastcgi_cache_actions_admin_bar' function to the 'nppp_preload_cache_on_update' function. This flaw allows authenticated attackers with Administrator-level access to execute arbitrary code on the server.
Impact
Exploitation of this vulnerability allows authenticated users with Administrator privileges to execute arbitrary code on the server, potentially leading to a full site compromise.
Reproduction
To reproduce this vulnerability, an authenticated user with Administrator privileges can send a request that includes a crafted 'HTTP_REFERER' header. This request should target the WordPress admin bar cache management functions, which will trigger the vulnerable 'nppp_preload_cache_on_update' function. The lack of proper input sanitization will allow the injected code to be executed on the server.
Remediation
Users are advised to uninstall the affected plugin and seek an alternative solution for managing Nginx cache operations in WordPress.
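To act on this advice, an administrator first needs to know which installs carry the plugin at an affected version. The following is an added example, not code from the plugin or from this advisory: it scans a wp-content/plugins directory, reads each plugin header, and reports copies whose version is 2.1.1 or lower. It assumes the plugin's "Plugin Name" header matches the name used in this advisory; the directory names and the sample tree in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Nginx Cache Purge Preload"  # name as written in the advisory (assumed header value)
LAST_AFFECTED = (2, 1, 1)                  # advisory: "up to and including 2.1.1"

def read_header(php_file):
    """Return (name, version) from a plugin header comment, or None if absent."""
    # WordPress itself only scans the first 8 KiB of a file for header fields.
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    found = {}
    for key in ("Plugin Name", "Version"):
        m = re.search(r"^[ \t/*#@]*" + re.escape(key) + r":(.*)$", head, re.M | re.I)
        if m:
            found[key] = m.group(1).strip().rstrip("*/ \t")
    if "Plugin Name" not in found:
        return None
    return found["Plugin Name"], found.get("Version", "")

def in_advisory_range(version):
    """True if version <= 2.1.1; an unparseable version is flagged for manual review."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))
    if not nums:
        return True
    width = max(len(nums), len(LAST_AFFECTED))
    nums += (0,) * (width - len(nums))
    return nums <= LAST_AFFECTED + (0,) * (width - len(LAST_AFFECTED))

def find_affected(plugins_dir):
    """List (relative path, version) for every matching install in the advisory range."""
    root, hits = Path(plugins_dir), []
    for php in sorted(list(root.glob("*.php")) + list(root.glob("*/*.php"))):
        header = read_header(php)
        if header and header[0].lower() == PLUGIN_NAME.lower() and in_advisory_range(header[1]):
            hits.append((php.relative_to(root).as_posix(), header[1]))
    return hits

def demo():
    """Run the scan over a constructed plugins directory (sample data, not real sites)."""
    samples = {"npp-a/main.php": ("Nginx Cache Purge Preload", "2.1.1"),
               "npp-b/main.php": ("Nginx Cache Purge Preload", "2.1.2"),
               "other/other.php": ("Some Other Plugin", "1.0.0")}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (name, ver) in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
        return find_affected(tmp)

if __name__ == "__main__":
    print(demo())
```

Point find_affected() at each site's real plugins directory. A result outside the range only means the version is above 2.1.1, which is all this advisory states.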
