Arbitrary File Deletion in HyperComments plugin for WordPress
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
HyperComments Web applications / Modules and components for CMS |
| Vendor | Alexandr Bazyk |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper access control
EUVDB-ID: #VU47432
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected plugin does not validate and sanitise user input which is being concatenated to create a file path, passed to unlink(). A remote attacker can bypass implemented security restrictions and cause arbitrary file deletion.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHyperComments: 1.0.0 - 1.2.1
External linkshttp://wpvulndb.com/vulnerabilities/10423/
http://lenonleite.com.br/en/2018/01/08/13-17-wordpress-plugins-with-over-150000-270000-active-downloads-with-the-same-security-issues/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
