CVE-2015-9499 Scanner

The ShowBiz Pro plugin for WordPress, developed by ThemePunch, contains a critical vulnerability in versions ≤ 1.7.1 that allows attackers to upload arbitrary PHP files and gain remote code execution capabilities on the server.

This vulnerability, tracked as CVE-2015-9499, occurs due to improper validation and lack of authorization checks in the `admin-ajax.php` endpoint. An attacker can exploit the `update_plugin` action by sending a specially crafted ZIP file containing a PHP payload. The file gets extracted and becomes accessible via the plugin’s temporary folder: `/wp-content/plugins/showbizpro/temp/update_extract/`.

This results in full compromise of the WordPress site, allowing attackers to execute arbitrary PHP code remotely and potentially pivot further into the system or escalate privileges.

REFERENCES

• https://wpscan.com/vulnerability/1c8f1872-a699-464a-9c6b-f8a49ca22ecb/
• https://nvd.nist.gov/vuln/detail/CVE-2015-9499
• https://packetstormsecurity.com/files/132737/