Critical Vulnerabilities in multiple WordPress plugins (CVE-2024-12822, CVE-2024-13742, CVE-2025-0493, CVE-2024-13448)

Published On: Jan 31, 2025 17:05

Advisory No: TZCERT-SA-25-0056

Source: Wordfence

Software Affected: userpro-mediamanager, worpit-admin-dashboard-plugin, dc-woocommerce-multi-vendor, trx_addons

Overview

Four WordPress plugins are affected by critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Description

The WordPress plugins userpro-mediamanager, worpit-admin-dashboard-plugin, dc-woocommerce-multi-vendor, and trx_addons are affected by the vulnerabilities tracked as CVE-2024-12822, CVE-2024-13742, CVE-2025-0493, and CVE-2024-13448, each with a CVSS score of 9.8. The underlying weaknesses are a missing capability check on the add_capto_img() function, a POP chain reachable through an additional plugin or theme installed on the site, a limited Local File Inclusion, and missing file type validation in the 'trx_addons_uploads_save_data' function. These vulnerabilities allow unauthenticated attackers to gain administrative user access, bypass access controls, delete arbitrary files, retrieve sensitive data, or execute code.
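For administrators and developers auditing their own plugins, the following is an added illustration (hypothetical code, not taken from any of the affected plugins) of a WordPress AJAX upload handler that applies the two controls the advisory describes as missing: a capability check and server-side file type validation. The action name, function name and form field names are assumptions.

```php
<?php
// Hypothetical example: a hardened WordPress AJAX upload handler.
// Not code from userpro-mediamanager, trx_addons or any other plugin named above.

add_action( 'wp_ajax_example_save_upload', 'example_save_upload' );
// Deliberately NOT registering 'wp_ajax_nopriv_example_save_upload':
// that keeps unauthenticated requests from reaching the handler at all.

function example_save_upload() {
    // 1. CSRF protection: the request must carry a nonce issued to this user.
    check_ajax_referer( 'example_save_upload', '_wpnonce' );

    // 2. Authorization: being logged in is not enough; require a specific
    //    capability. This is the check whose absence lets any caller act.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file supplied', 400 );
    }

    // 3. File type validation: trust neither the client-supplied filename nor
    //    its MIME type. wp_check_filetype_and_ext() inspects the content and
    //    returns false for extensions outside WordPress's allowed list
    //    (which excludes PHP and similar executable types by default).
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name']
    );
    if ( false === $check['ext'] || false === $check['type'] ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // 4. Let core move the file: it sanitizes the name and chooses the
    //    destination, so no caller-controlled path is ever written to.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['file'], array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

When reviewing a plugin, the first thing to confirm is that every `wp_ajax_*`, `wp_ajax_nopriv_*`, REST and `admin-post` handler performs its own capability check rather than relying on the caller being logged in.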

Impact

Successful exploitation of these vulnerabilities may allow the attackers to gain escalated privileges on the affected system.

Solution

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
