CVE-2021-25082 Scanner
CVE-2021-25082 Scanner - Remote Code Execution vulnerability in WordPress Popup Builder
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 14 hours
Scan only one: Domain, Subdomain, IPv4
The WordPress Popup Builder plugin is widely used by website administrators to create and manage pop-up elements on WordPress sites. It allows for the effortless incorporation of custom pop-up designs to capture leads, integrate marketing campaigns, or display important messages to site visitors. This software is particularly favored by small-to-medium business owners and digital marketers aiming to enhance user engagement. Given its ease of use and extensive customization options, it is a popular choice among non-technical users as well. Alongside this, website developers might deploy this tool for its API capabilities allowing further custom integrations. The vulnerability discussed herein pertains specifically to versions before 4.0.7 of this plugin.
Remote Code Execution (RCE) vulnerabilities permit attackers to execute arbitrary code on a target system. In this case, the flaw in the WordPress Popup Builder plugin, version 4.0.7 or earlier, can be exploited by unauthorized users. It arises from insufficient sanitization of the 'sgpb_type' parameter, which exposes affected systems to PHAR deserialization attacks. Such issues can lead to complete compromise of the host server and open the door to further, layered attacks. Affected installations should address this vulnerability promptly to prevent unauthorized system access.
This vulnerability stems from inadequate input validation of the 'sgpb_type' parameter. The plugin's processing allows unintended files to be included through PHP stream wrappers, particularly PHAR, enabling arbitrary file execution. Because the validation checks are insufficient, attackers can manipulate this endpoint to include crafted files. This path is typically combined with a preliminary step, such as uploading a 'malicious.zip' that contains PHP code disguised as a harmless file; once that file is included and executed, it enables further attacks on the system, which underpins the critical severity attached to RCE flaws.
Exploitation of this vulnerability can facilitate the execution of arbitrary code on the target system. Once achieved, malicious users can install further malware, steal sensitive information, or manipulate data stored on the server. This includes gaining full administrative access over the plugin's associated website. Potentially, this could lead to severe business disruption, data breaches, or web defacement. Given the access potential offered by RCE, the ability to execute a wide array of harmful actions could jeopardize website integrity and user trust. Prompt remediation is essential to mitigate these possible adverse impacts.
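As an added example (not part of this scanner page or of the plugin's own code), the following Python script reviews web-server access logs for requests that pass a stream wrapper or a path-traversal sequence in the 'sgpb_type' parameter described above, so a site owner can spot attempts against unpatched installs. The log lines are constructed, and the Apache/Nginx combined log format is assumed.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic); the second and third
# carry sgpb_type values shaped like the wrapper/traversal abuse described above.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2022:10:00:01 +0000] "GET /?sgpb_type=popup HTTP/1.1" 200 512
203.0.113.11 - - [01/Jan/2022:10:00:02 +0000] "GET /?sgpb_type=phar%3A%2F%2Fwp-content%2Fuploads%2Fmalicious.zip HTTP/1.1" 200 128
203.0.113.12 - - [01/Jan/2022:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=x&sgpb_type=..%2F..%2Fwp-config.php HTTP/1.1" 200 64
203.0.113.13 - - [01/Jan/2022:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Request line inside the quotes of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Any PHP stream wrapper scheme (phar://, php://, data://, ...) at the start of the value.
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9.+-]*://', re.IGNORECASE)


def suspicious_sgpb_type(value: str) -> Optional[str]:
    """Return why a sgpb_type value looks like an inclusion attempt, or None if it looks benign."""
    decoded = unquote(value)  # one extra decode round to catch double-encoded values
    if WRAPPER_RE.match(decoded):
        return "stream wrapper in sgpb_type"
    if "../" in decoded or "..\\" in decoded:
        return "path traversal in sgpb_type"
    if "\x00" in decoded:
        return "null byte in sgpb_type"
    return None


def scan_access_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, decoded_value, reason) for every request with a suspicious sgpb_type."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        client_ip = line.split(" ", 1)[0]
        query = urlsplit(match.group("target")).query
        params = parse_qs(query, keep_blank_values=True)  # parse_qs percent-decodes once
        for value in params.get("sgpb_type", []):
            reason = suspicious_sgpb_type(value)
            if reason:
                hits.append((client_ip, value, reason))
    return hits


if __name__ == "__main__":
    for ip, value, reason in scan_access_log(SAMPLE_LOG):
        print(f"{ip}: {reason} -> {value!r}")
```

Values that hit should be cross-checked against the plugin version (anything below 4.0.7 is in scope) and against recent uploads under wp-content/uploads.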