CVE-2018-14028
Summary
| CVE | CVE-2018-14028 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-10 16:29:00 UTC |
| Updated | 2018-10-10 13:06:00 UTC |
| Description | In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. |
Risk And Classification
Problem Types: CWE-434 (Unrestricted Upload of File with Dangerous Type)
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Unrestricted File Upload via Plugin Uploader in WordPress - rastating.github.io | MISC | rastating.github.io | Third Party Advisory |
| #44710 (Upload plugin and theme functionalities are not removing uploaded files after failure conditions.) – WordPress Trac | MISC | core.trac.wordpress.org | Third Party Advisory |
| WordPress CVE-2018-14028 Arbitrary File Upload Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| upload non-encapsulated payload when zip installation fails by viniciusmarangoni · Pull Request #52 · rastating/wordpress-exploit-framework · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.