Arbitrary file deletion in WordPress

Published: 2018-06-27 | Updated: 2018-07-05
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-12895
CWE ID CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software WordPress Subscribe
Vendor WordPress.ORG

Security Advisory

This security advisory describes one low risk vulnerability.

1) Arbitrary file deletion

Severity: Low

CVSSv3: 4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12895

CWE-ID: CWE-284 - Improper Access Control

Description

The vulnerability allows a remote authenticated user to delete arbitrary file on the system.

The vulnerability exists due to improper check for user permissions when deleting files. A remote authenticated user with ability to manage media files can send a specially crafted HTTP request and delete arbitrary file on the server.


Mitigation

Update to version 4.9.7.

Vulnerable software versions

WordPress: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.2.15, 4.2.16, 4.2.17, 4.2.18, 4.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.5, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9, 4.5.10, 4.5.11, 4.5.12, 4.6, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7, 4.6.8, 4.6.9, 4.7, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.8, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.9, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6

CPE External links

http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/

https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



ImmuniWeb® AI Platform for Application Security Testing