Unrestricted Upload of File with Dangerous Type Affecting wordpress package, versions *


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
19.29% (97th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Unrestricted Upload of File with Dangerous Type vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN12-WORDPRESS-1564011
  • published10 Aug 2018
  • disclosed10 Aug 2018

Introduced: 10 Aug 2018

CVE-2018-14028  (opens in a new tab)
CWE-434  (opens in a new tab)

How to fix?

There is no fixed version for Debian:12 wordpress.

NVD Description

Note: Versions mentioned in the description apply only to the upstream wordpress package and not the wordpress package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.