User Frontend WordPress Plugin Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress. This issue arises from improper file type validation in the 'WPUF_Admin_Settings::check_filetype_and_ext' and 'Admin_Tools::check_filetype_and_ext' functions, affecting all versions through 4.2.8. The vulnerability allows authenticated attackers with Author-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, with the potential for remote code execution, depending on the nature of the uploaded files.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can upload a JSON file through the WordPress media uploader. The 'wpuf-form-uploader' type must be specified, which will bypass the default file type checks and allow the upload of files that could be executed as code.

Remediation

Users are advised to update the User Frontend plugin to version 4.2.9 or later.