SureForms WordPress Plugin Arbitrary File Deletion Vulnerability

Vulnerability

An unauthenticated arbitrary file deletion vulnerability has been identified in the SureForms WordPress plugin, affecting all versions up to and including 1.7.3. The issue stems from inadequate file path validation in the delete_entry_files() function, which lets an attacker delete arbitrary files on the server. This could lead to remote code execution if a critical file, such as wp-config.php, is deleted.

Impact

Exploitation of this vulnerability allows unauthenticated users to delete arbitrary files on the server, potentially leading to remote code execution.

Reproduction

The vulnerability can be reproduced by sending a request to the WordPress site with the 'entry_id' parameter set to a form entry that has associated uploaded files and the 'action' parameter set to 'delete'. The same can be done through the WordPress admin interface by selecting the entry and choosing to delete it, which triggers the file deletion process.
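The path-validation weakness described above, illustrated by a hardened deletion routine as an added example (not SureForms' own code): the file list comes from the stored entry rather than the request, each path is resolved with realpath() and required to lie under the uploads directory, and the action requires a capable user and a nonce. The sf_example_* names, the 'sf_entry_files' meta key and the capability used are assumptions.

```php
<?php
// Added illustration, not SureForms code. sf_example_* names, the
// 'sf_entry_files' meta key and the capability are assumptions.
function sf_example_delete_entry_files( int $entry_id ): array {
    $deleted = array();
    // Authorization first: a capable, logged-in user with a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        return $deleted;
    }
    check_ajax_referer( 'sf_example_delete_entry', 'nonce' );
    // The file list comes from the stored entry, never from request input.
    $stored = get_post_meta( $entry_id, 'sf_entry_files', true );
    if ( ! is_array( $stored ) ) {
        return $deleted;
    }
    $uploads  = wp_upload_dir();
    $base_dir = realpath( $uploads['basedir'] );
    if ( false === $base_dir ) {
        return $deleted; // no trustworthy root, so delete nothing
    }
    $base_dir = trailingslashit( wp_normalize_path( $base_dir ) );
    foreach ( $stored as $path ) {
        // realpath() collapses "../" and symlinks, so the prefix check is
        // made on the path that unlink() would actually act on.
        $real = realpath( (string) $path );
        if ( false === $real || ! is_file( $real ) ) {
            continue;
        }
        $real = wp_normalize_path( $real );
        // Trailing slash on $base_dir stops "uploads-other/" from matching.
        if ( 0 !== strpos( $real, $base_dir ) ) {
            error_log( sprintf( 'entry %d: refused to delete %s (outside uploads)', $entry_id, $real ) );
            continue;
        }
        wp_delete_file( $real );
        if ( ! file_exists( $real ) ) {
            $deleted[] = $real;
        }
    }
    return $deleted;
}
```

The logged refusal is also a useful detection signal: a deletion request whose stored path resolves outside the uploads root should never occur in normal operation.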

Remediation

Users are advised to update the SureForms WordPress plugin to version 1.7.4 or later.

Added: Jul 9, 2025, 6:23 AM
Updated: Jul 9, 2025, 6:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.4
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.