This issue was also present in the previous version of this plugin.
WordPress blogs are often configured in multisite mode. A common setup hosts the blogs on domains separate from the main website's domain. Some multisite networks can be configured in such a way that high-privilege users (such as site administrators) can upload files to any subdirectory. For example, a WordPress website hosted on example.com could be set up in a way that allows any high-privilege user to upload a file to /example/dir/anywhere. This could be used to host malicious files on the website.
In the latest version of this plugin, the any extension is now filtered by default. This prevents a high privilege user from uploading any files by setting the any extension to a non-existent file type.
Disclosure Timeline
Date of disclosure: December 1st, 2016
Date of patch release: December 22nd, 2016
Release version: 3.1.0
Description of vulnerability: This is a critical vulnerability that would allow a malicious user to upload files to any directory on the WordPress website. The only way to prevent this is by filtering any extension by default.
Exploitation and Catching Techniques
In the latest version of this plugin, the any extension is now filtered by default. This prevents a high privilege user from uploading any files by setting the any extension to a non-existent file type.
Current version of the plugin:
File upload filters in the any extension
In the latest version of this plugin, any extension is now filtered by default. This prevents a high privilege user from uploading any files by setting the any extension to a non-existent file type.
Timeline
Published on: 09/26/2022 13:15:00 UTC
Last modified on: 09/27/2022 04:37:00 UTC