CVE-2024-6220 Scanner
CVE-2024-6220 Scanner - Unrestricted File Upload vulnerability in WordPress Keydatas
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 9 hours
Scan only one: Domain, Subdomain, IPv4
The WordPress Keydatas plugin offers a suite of functionalities for collecting data from Chinese websites. It aids webmasters by facilitating tasks such as downloading and managing digital content. Used extensively by organizations in China, the plugin helps work around the data-management complexities inherent in WordPress. Its popularity gives it a wide user base ranging from corporate entities to individual blog owners. It is pivotal for data-driven operations on WordPress platforms, intended to ease content administration and enhance the user interface by streamlining digital workflows.
The vulnerability arises from the plugin's inadequate validation during the file upload process. Because the file type is not checked, malicious actors can upload arbitrary files. This unrestricted file upload could lead to severe consequences such as unauthorized access, data theft, or full system compromise. It is a significant security flaw, particularly because it can be exploited without authentication. As a critical vulnerability, it demands immediate attention and remediation.
Technically, the vulnerability is located in the `keydatas_downloadImages` function, where file-type validation is absent. Attackers can use specially crafted requests to push arbitrary files, including malicious scripts, onto the server. The HTTP POST parameters `__kds_docImgs` and `__kds_download_imgs_flag` are involved in triggering the unrestricted upload. Because the server does not check the nature or content of the uploaded files, the flaw could permit remote code execution. Once uploaded, the files can be accessed through predictable URLs, which makes exploitation easier.
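As an added illustration (not part of this scanner page or of the plugin's code), the Python log-triage script below flags the two signals a defender can look for: POST requests carrying the `__kds_docImgs` or `__kds_download_imgs_flag` parameter names, and executable scripts subsequently served from the uploads directory to the same client. It assumes a request log that records the parameter names (modelled here as a query string in constructed Combined Log Format lines) and the default `/wp-content/uploads/` location; the client addresses and file names are constructed.

```python
import re
from typing import Dict, List, Optional

# Parameter names quoted in the advisory text above.
KDS_PARAMS = ("__kds_docImgs", "__kds_download_imgs_flag")

# Script extensions that should never be served from the uploads directory
# (assumed default WordPress location).
SCRIPT_IN_UPLOADS = re.compile(
    r"^/wp-content/uploads/.*\.(?:php|phtml|phar|php\d)(?:[?#]|$)", re.IGNORECASE
)

# Combined Log Format: ip ident user [ts] "METHOD path proto" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not real traffic; the query-string form is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2024:12:00:01 +0000] "POST /?__kds_download_imgs_flag=1 HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [10/Jul/2024:12:00:03 +0000] "GET /wp-content/uploads/2024/07/shell.php HTTP/1.1" 200 31 "-" "curl/8.0"
198.51.100.4 - - [10/Jul/2024:12:01:00 +0000] "GET /wp-content/uploads/2024/07/logo.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jul/2024:12:01:05 +0000] "GET /wp-content/uploads/x.php HTTP/1.1" 404 120 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; return None if it does not match the format."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Flag Keydatas-style upload requests, scripts served (HTTP 200) from the
    uploads directory, and the stronger case where the same client did both."""
    findings: List[Dict[str, str]] = []
    uploaders = set()  # clients that sent a request carrying a __kds_* parameter
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if rec["method"] == "POST" and any(p in path for p in KDS_PARAMS):
            findings.append({"kind": "kds_upload_request", "ip": ip, "path": path})
            uploaders.add(ip)
        elif SCRIPT_IN_UPLOADS.match(path) and rec["status"] == "200":
            kind = "upload_then_execute" if ip in uploaders else "script_in_uploads"
            findings.append({"kind": kind, "ip": ip, "path": path})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['kind']:22} {f['ip']:15} {f['path']}")
```

Legitimate image files and a 404 for a script in uploads are not reported; only a script actually served with HTTP 200 is, and it is escalated when the same client previously sent a `__kds_*` request.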
If exploited, attackers could achieve remote code execution leading to site takeover or defacement. Sensitive information stored on the server could be extracted, and backdoors could be installed for continued access. Further exploitation could allow attackers to manipulate or delete critical files, disrupt server operations, and compromise the integrity of user data. Such incidents can damage the website's reputation, reduce user trust, and incur financial losses through extended downtime or data-recovery expenses.