GutenBee WordPress Plugin Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in the GutenBee – Gutenberg Blocks plugin for WordPress, in versions up to and including 2.20.1. It allows authenticated users with author-level access or above to upload arbitrary files. The root cause is a flawed validation check in the 'gutenbee_file_and_ext_json' function, which only verifies that the filename contains '.json' rather than ensuring that it ends with a .json extension. As a result, double-extension filenames such as 'shell.json.php' pass validation, potentially leading to remote code execution.
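The flawed substring check and a corrected extension check side by side, as an added example that is not the plugin's own code: the function names and the WordPress filter wiring are assumptions, and the test filenames are constructed.

```php
<?php
// Added example, not the GutenBee plugin's own code. The function names below are
// hypothetical; only the bug pattern (substring match on ".json" instead of an
// extension check, bypassed by "shell.json.php") comes from the advisory.
// Flawed pattern: passes any filename that merely contains ".json".
function json_name_check_contains(string $filename): bool
{
    return strpos($filename, '.json') !== false;
}

// Hardened pattern: exactly one extension, and it must be "json". Rejecting a second
// extension also covers "x.php.json", which some Apache AddHandler setups still run as PHP.
function json_name_check_strict(string $filename): bool
{
    $parts = explode('.', basename($filename));
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;
    }
    return strtolower($parts[1]) === 'json';
}

// Assumed wiring: WordPress runs the 'wp_check_filetype_and_ext' filter on every
// upload. Guarded with function_exists() so this file also runs outside WordPress.
if (function_exists('add_filter')) {
    add_filter('wp_check_filetype_and_ext', function ($types, $file, $filename) {
        if (json_name_check_strict($filename)) {
            $types['ext']  = 'json';
            $types['type'] = 'application/json';
        }
        return $types;
    }, 10, 3);
}

// Constructed filenames: [expected from flawed check, expected from strict check]
$cases = [
    'data.json'       => [true,  true],
    'shell.json.php'  => [true,  false],   // the advisory's bypass
    'upload.php.json' => [true,  false],
    '.json'           => [true,  false],
    'notes.txt'       => [false, false],
];
$ok = true;
foreach ($cases as $name => [$flawed, $strict]) {
    $c = json_name_check_contains($name);
    $s = json_name_check_strict($name);
    printf("%-16s flawed=%s strict=%s\n", $name, var_export($c, true), var_export($s, true));
    $ok = $ok && $c === $flawed && $s === $strict;
}
exit($ok ? 0 : 1);
```

Run with `php check.php`; the process exits non-zero if any filename is classified differently from the expected table.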

Impact

Exploitation of this vulnerability could allow arbitrary file uploads, including executable files, leading to remote code execution on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with author-level access or higher can upload a file through the WordPress media uploader. The 'gutenbee_file_and_ext_json' function will incorrectly validate the file type, allowing double-extension files that could be executed on the server to be uploaded.

Remediation

Users are advised to update the GutenBee WordPress plugin to version 2.20.2 or later, where this vulnerability has been patched.

Added: May 28, 2026, 8:31 AM
Updated: May 28, 2026, 8:31 AM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.