All versions of WordPress and the XplodedThemes WPide plugin are vulnerable to this arbitrary file edit/upload vulnerability. You can find the vulnerable version of the XplodedThemes WPide plugin at the following URL: http://xploded-themes.com/wpide/
Arbitrary File Edit/Upload Vulnerability Exploitation Steps
1) You need to login to your XplodedThemes WPide Press installation with the administrator credentials.
2) Click on “Admin” link present on the sidebar.
3) You will see a list of options under “Settings” heading.
4) Click on “Add new option”.
5) Now enter any option name and click on “Add new option” button again.
6) Now you need to edit the value of this option.
7) Edit any file path, name or file type.
8) Click on “Save” button to save the changes done in this option.
9) Now go to the “Admin” link again and click on “Upload” link to upload any file.
10) Click on “Activate” link to activate the option.
11) Now go to the “Settings” link and click on “Disable” link to disable the option.
12) Click on “Save” button to save the changes done in this WPide plugin.
WordPress Arbitrary File Upload Vulnerability
This vulnerability allows anyone to upload any file inside the WordPress installation directory.
This vulnerability affects all versions of WordPress and XplodedThemes WPide plugin installation.
This vulnerability has already been reported to the WordPress security team.
The following are the steps you need to take if you have an affected installation:
1) You need to login to your XplodedThemes WPide Press installation with the administrator credentials.
2) Click on “Admin” link present on the sidebar.
3) You will see a list of options under “Settings” heading.
4) Click on “Add new option”.
5) Now enter any option name and click on “Add new option” button again.
6) Now you need to edit the value of this option.
7) Edit any file path, name or file type.
8) Click on “Save” button to save the changes done in this option.
9) Now go to the “Admin” link again and click on “Upload” link to upload any file.
10) Click on “Activate” link to activate the option.
11) Now go to the “Settings” link and click on “Disable” link to disable the option.
12) Click on “Save” button to save the changes done in this WPide plugin.
(CVE-2022-40217)
Timeline
Published on: 09/21/2022 20:15:00 UTC
Last modified on: 09/23/2022 03:00:00 UTC