|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-11-13 | |
| Rule Name: | WordPress Wux Blog Editor Plugin Arbitrary File Upload Vulnerability (CVE-2024-9932) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675 https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cve |
|
| Solutions |
|---|
| Please refer to announcements or patches release by the vendor: https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb |