CVE-2024-6651 Scanner

The WordPress File Upload plugin is a popular WordPress extension designed to allow users to easily upload files directly through frontend forms. Typically used by websites for user-generated content, community file-sharing, customer feedback, or document management, it enables seamless and controlled file submissions. Developed primarily for WordPress websites, the plugin is extensively used by site administrators, bloggers, educators, businesses, and non-profit organizations. Its key features include file upload customization, user-role-based access control, and built-in file browser functionality. The plugin is particularly valued for its simplicity, flexibility, and integration with the WordPress administrative interface. As a result, it remains a preferred choice for enabling easy and secure document submission within WordPress environments.

The identified vulnerability is a Reflected Cross-Site Scripting (XSS) flaw found in the WordPress File Upload plugin. It arises due to inadequate sanitization of the 'dir' parameter used on the plugin's file browser page. Malicious attackers can exploit this flaw by crafting specially formed URLs containing malicious JavaScript payloads. When a victim accesses this manipulated URL, the malicious script executes in the victim's browser context. Exploitation typically requires user interaction, making social engineering a likely method for successful attacks. All plugin versions prior to 4.24.8 are susceptible to this XSS vulnerability.

Technically, the vulnerability exists in the file browser feature accessible via the plugin’s administration interface, specifically located at '/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser'. The plugin directly uses user-provided data in the 'dir' parameter within the webpage output without proper escaping or validation. Attackers exploit this issue by injecting a malicious JavaScript snippet, causing the server response to reflect and execute the injected code. A typical exploitation scenario involves sending a URL containing encoded scripts such as '">'. Due to this reflection of user input, attackers successfully execute client-side code, bypassing browser security restrictions and potentially accessing sensitive user data or session cookies. This technical oversight significantly increases the risk to site visitors and administrators.

Successful exploitation of this vulnerability can lead to severe consequences, including unauthorized access to user session cookies, hijacking of user sessions, and phishing attacks. Attackers could further exploit this vulnerability to deface websites, execute malicious scripts, or redirect users to fraudulent or harmful websites. Such exploitation could severely damage user trust, compromise personal or sensitive data, and disrupt website operations. In a broader scope, this vulnerability can also be used for advanced attacks aiming at privilege escalation, ultimately compromising administrative accounts. The reputational, financial, and operational impacts on affected organizations can be substantial and lasting.

REFERENCES

• https://github.com/advisories/GHSA-cq39-wq4r-hjrj
• https://nvd.nist.gov/vuln/detail/CVE-2024-6651