Kory
Forum Replies Created
Hi @jathinhelp,
Thank you for the response, glad that this will be updated.
It might also be worth looking into the .docx and .pdf file upload permissions via the upload_file ajax call, as only an account is required to upload this type of document. If self-signup is allowed on a site, then this can open the door to this type of file upload from anyone. On some devices, landing on the file’s URL is converted directly to a yes/no confirmation of download.
If you’d like help assigning a CVE for the original request, https://www.wordfence.com/threat-intel/bug-bounty-program/ can help.
Best,
Kory
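Added example, not part of the original reply and not the plugin's own code: one way a WordPress AJAX upload handler can require more than a logged-in account before accepting .docx and .pdf files. The action name upload_file comes from the reply above; the function name, nonce action and form field name are hypothetical, and it assumes the site wants uploads limited to roles that hold the upload_files capability.

```php
<?php
// Illustrative sketch; myplugin_* names, the 'nonce' field and the 'file'
// field are assumptions, not identifiers taken from the plugin.

// Register only the authenticated hook. No wp_ajax_nopriv_ variant exists,
// so anonymous requests never reach the handler.
add_action( 'wp_ajax_upload_file', 'myplugin_handle_upload_file' );

function myplugin_handle_upload_file() {
    // Reject requests that do not carry a valid nonce (dies on failure).
    check_ajax_referer( 'myplugin_upload', 'nonce' );

    // Being logged in is not enough: with self-signup enabled, new accounts
    // are usually Subscribers, which lack upload_files by default.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    if ( empty( $_FILES['file'] ) ) {
        wp_send_json_error( array( 'message' => 'No file received.' ), 400 );
    }

    // Explicit allowlist of the two document types the feature accepts.
    $allowed = array(
        'pdf'  => 'application/pdf',
        'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    );

    // Check that the extension and the detected content type agree.
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'message' => 'File type not permitted.' ), 415 );
    }

    // Let core move the file, restricted to the same allowlist.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```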
Hi @jathinhelp,
Really? Were you able to confirm this with what was provided?
It appears that while the item is pending in the database, the image is automatically uploaded to the wp-content directory.
So, someone could upload a malicious image to a site with this plugin installed, and then point other users to that image. Here is a link to a screen recording as a demonstration:
https://drive.proton.me/urls/BBQNAZN728#YTVN9PmtxQjg
Best,
—