CVE-2015-9499 Scanner
Detects arbitrary file upload vulnerability in ShowBiz Pro plugin for WordPress (CVE-2015-9499)
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
8 days 4 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
-
The ShowBiz Pro plugin for WordPress, developed by ThemePunch, contains a critical vulnerability in versions ≤ 1.7.1 that allows attackers to upload arbitrary PHP files and gain remote code execution capabilities on the server.
This vulnerability, tracked as CVE-2015-9499, occurs due to improper validation and lack of authorization checks in the `admin-ajax.php` endpoint. An attacker can exploit the `update_plugin` action by sending a specially crafted ZIP file containing a PHP payload. The file gets extracted and becomes accessible via the plugin’s temporary folder: `/wp-content/plugins/showbizpro/temp/update_extract/`.
This results in full compromise of the WordPress site, allowing attackers to execute arbitrary PHP code remotely and potentially pivot further into the system or escalate privileges.
REFERENCES