Main Vulnerability Database SB2019021413

SB2019021413 - Path traversal in Cost Estimation plugin for WordPress

Published: February 14, 2019 Updated: February 16, 2019

Security Bulletin ID SB2019021413

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient patch released in version 9.644. The name of the uploaded file is constructed from a user-supplied value passed via $formSession variable. A remote authenticated attacker can upload an arbitrary file, change the session variable value to a string, containing directory traversal characters (e.g. "../"), bypass the implemented path traversal protection and upload arbitrary file to the system.

Successful exploitation of this vulnerability may result in website compromise.

Remediation

Install update from vendor's website.

References

https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/