Overview

WordPress is vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary codes.

Description

WordPress plugins yayextra, blox-page-builder, horizontal-scrolling-announcements, js_composer are affected by the vulnerabilities tracked as CVE-2024-7257, CVE-2024-6315, CVE-2023-5000, and CVE-2024-5709 with CVSS score of 9.8, 8.8, 8.8 and 8.8 respectively. The plugins are vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function, arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function, SQL Injection via the plugin's 'hsas-shortcode' shortcode and to Local File Inclusion via the 'layout_name' parameter. Remote attackers can exploit the vulnerabilities to achieve arbitrary code execution.

Impact

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References

• 1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yayextra/yayextra-woocommerce-extra-product-options-137-unauthenticated-arbitrary-file-upload-via-handle-upload-file-function
• 2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/blox-page-builder/blox-page-builder-1065-authenticated-contributor-arbitrary-file-upload
• 3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/horizontal-scrolling-announcements/horizontal-scrolling-announcements-24-authenticated-contributor-sql-injection-via-shortcode
• 4. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/js_composer-2/wpbakery-77-authenticated-author-local-file-inclusion