
ShortPixel Enable Media Replace plugin


The National Vulnerability Database has published a vulnerability advisory for the ShortPixel Enable Media Replace WordPress plugin, which is used by over 600,000 websites. A high severity vulnerability has been discovered that could allow an attacker to upload arbitrary files.

The United States National Vulnerability Database (NVD) assigned the vulnerability a score of 8.8 out of 10, with 10 representing the highest severity.

Vulnerability in the media replacement plugin

Normally one cannot upload an image with the same filename in order to replace an existing image.

ShortPixel's Enable Media Replace plugin lets users replace images easily, without having to delete the old image and then upload the updated version under the same filename.

Security researchers discovered that users with author-level rights can upload arbitrary files, including PHP shells, also known as backdoors.

A plugin that accepts uploads (form submissions) should check that the file it receives actually is the kind of file it is supposed to be, before writing it to the site.

But according to NVD's security warning, that check does not appear to happen when users upload image files.

The National Vulnerability Database published this description:

"The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, potentially allowing them to upload PHP shells to affected sites."

This kind of vulnerability is classified as: Unrestricted upload of files of a dangerous type.

This means that anyone with author rights can upload a PHP script which can then be run remotely by an attacker, as there are no restrictions on what can be uploaded.
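The check described above, written as an added example of how a media-replacement handler can refuse a file that is not the image type it claims to be. This is not the plugin's own code and not from the advisory; the helper name `emr_example_validate_replacement` and the four-type allow-list are assumptions, and it assumes it runs inside WordPress, where `wp_check_filetype_and_ext()`, `wp_get_image_mime()` and `get_post_mime_type()` are available.

```php
<?php
// Hypothetical hardening helper for a media-replacement upload handler
// (example code, not the plugin's own). Assumes a WordPress runtime.

/**
 * Decide whether the uploaded file at $tmp_path may replace attachment
 * $attachment_id. Returns '' when acceptable, otherwise a rejection reason.
 */
function emr_example_validate_replacement( int $attachment_id, string $tmp_path, string $client_name ): string {
    // Only a fixed allow-list of image types may pass through this flow
    // (assumed list; the real plugin's policy may differ).
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'webp'     => 'image/webp',
    );

    // 1. Extension and MIME must agree and both must be on the allow-list.
    //    wp_check_filetype_and_ext() inspects file content, not just the name,
    //    and returns empty ext/type when the file is not an allowed type.
    $check = wp_check_filetype_and_ext( $tmp_path, $client_name, $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return 'file is not an allowed image type';
    }

    // 2. A double-extension name such as shell.php.png still ends in .png,
    //    so additionally reject any name containing a server-side script segment.
    if ( preg_match( '/\.ph(p\d?|tml|ar)(\.|$)/i', $client_name ) ) {
        return 'filename contains a server-side script extension';
    }

    // 3. The magic bytes must really parse as an image of the declared type.
    $mime = wp_get_image_mime( $tmp_path );
    if ( false === $mime || $mime !== $check['type'] ) {
        return 'file content does not match its declared image type';
    }

    // 4. A replacement must keep the original attachment's MIME type, so an
    //    attachment stored as a JPEG cannot silently become something else.
    if ( get_post_mime_type( $attachment_id ) !== $mime ) {
        return 'replacement type differs from the original attachment';
    }

    return '';
}

// Usage inside the replace handler, before the original file is overwritten:
// $reason = emr_example_validate_replacement( $id, $_FILES['userfile']['tmp_name'], $_FILES['userfile']['name'] );
// if ( '' !== $reason ) { wp_die( esc_html( $reason ), '', array( 'response' => 400 ) ); }
```

Checks 1 and 3 together cover the case the advisory describes, a file that is not an image at all being accepted through the image-replacement path; check 4 is the replacement-specific extra that a generic upload validator would not have.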

PHP shell

A PHP shell is a tool that allows a site administrator to connect to the server remotely and do things like maintenance, upgrades, manipulating files, and using command line utilities.

That is a frightening amount of access for a hacker, which may explain why this vulnerability has a High rating of 8.8.

This kind of access is also known as a backdoor.

A GitHub backdoor list describes this kind of exploit:

"Hackers typically use an upload panel designed to upload images to websites.

This is usually found once the hacker has logged in as the site administrator.

Shells can also be uploaded to the computer via exploits or remote file inclusion or a virus."

Recommended action

ShortPixel has released a patch for the vulnerability. The fix is documented in the official changelog located in the WordPress repository for the plugin.

ShortPixel Enable Media Replace plugin versions earlier than 4.0.2 are vulnerable.

Plugin users should consider updating to at least version 4.0.2.

Read the official NVD advisory for the vulnerability:

CVE-2023-0255 Detail

Featured picture from Shutterstock/Asier Romero
