WordPress Upload Files Anywhere Plugin Path Traversal Vulnerability Allowing Arbitrary File Deletion
Vulnerability
A path traversal vulnerability has been identified in the WordPress Upload Files Anywhere plugin, specifically in versions through 2.8. This vulnerability allows for improper limitation of file upload paths, enabling arbitrary file deletion. Exploiting this issue could lead to the removal of critical files from a website, potentially causing the site to malfunction or break.
Impact
Exploitation of this vulnerability could result in the unauthorized deletion of files from the affected WordPress site. If essential core files are removed, it could disrupt the site's functionality, causing it to break or stop working altogether.
Remediation
Users are advised to mitigate this vulnerability immediately. Patchstack has released a mitigation rule that can be applied to block potential attacks until an official patch is available. For more information on how to apply this mitigation, visit the Patchstack website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.