A vulnerability advisory was issued for a WordPress Contact Form 7 add-on plugin that allows unauthenticated attackers to “easily” launch a remote code execution attack. The vulnerability is rated high (8.8/10) on the CVSS threat severity scale.
Screenshot from the Wordfence advisory showing the 8.8 CVSS severity rating
Redirection for Contact Form 7 plugin
The vulnerability affects the Redirection for Contact Form 7 WordPress plugin, which is installed on over 300,000 websites. The plugin extends the functionality of the popular Contact Form 7 plugin. It enables a site publisher not only to redirect a user to another page but also to store the submitted data in a database, send email notifications, and block spammy form submissions.
The vulnerability arises in a plugin function. WordPress functions are PHP code snippets that provide specific functionality. The specific function that contains the flaw is named delete_associated_files. That function has an insufficient file path validation flaw, meaning it does not validate what a user can supply to the function that deletes files. This flaw enables an attacker to specify the path of a file to be deleted.
Thus, an attacker can specify a path (such as ../../wp-config.php) and delete a critical file like wp-config.php, clearing the way for a remote code execution (RCE) attack. An RCE attack is a type of exploit that allows an attacker to execute malicious code remotely (from anywhere on the Internet) and gain control of the website.
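The flaw described above is a classic path-traversal-to-file-deletion pattern: a caller-supplied name is joined to a directory and handed to unlink() without checking where it resolves. The following PHP is an added illustrative example, not the plugin's actual delete_associated_files code and not taken from the Wordfence advisory. It places an unvalidated deletion helper beside a hardened one that confines deletes to a single base directory by comparing canonical paths. The function names (delete_attachment_unsafe, delete_attachment_safe) and the temporary directory layout are assumptions constructed for the demonstration; a real WordPress plugin would normally derive the base directory from wp_upload_dir() and call wp_delete_file(), but plain PHP is used here so the script runs stand-alone.

```php
<?php
// Added illustrative example (not the plugin's own code). Function names and
// the directory layout below are assumptions made for this demonstration.

// Vulnerable pattern: the caller-supplied value is concatenated onto the base
// directory and passed straight to unlink(), so a value such as
// "../../wp-config.php" escapes the intended directory.
function delete_attachment_unsafe(string $base, string $userPath): bool
{
    $target = rtrim($base, '/') . '/' . $userPath;
    return file_exists($target) && unlink($target);
}

// Hardened pattern: resolve both the base directory and the requested file with
// realpath(), which collapses "..", "//" and symlinks, then require the canonical
// target to sit strictly inside the canonical base before deleting anything.
function delete_attachment_safe(string $base, string $userPath): bool
{
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        return false; // base directory must exist
    }
    // NUL bytes, empty names and absolute paths have no legitimate use here.
    if ($userPath === '' || strpos($userPath, "\0") !== false || $userPath[0] === '/') {
        return false;
    }
    $targetReal = realpath($baseReal . DIRECTORY_SEPARATOR . $userPath);
    if ($targetReal === false || !is_file($targetReal)) {
        return false; // does not exist or is not a regular file
    }
    // Prefix check on canonical paths: the target must be below the base directory.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($targetReal, $prefix, strlen($prefix)) !== 0) {
        return false; // traversal attempt: target resolved outside the base
    }
    return unlink($targetReal);
}

// Demonstration on a constructed temporary layout (constructed sample data):
//   <tmp>/site/wp-config.php      stand-in for the critical file, must survive
//   <tmp>/site/uploads/form.txt   stand-in for a legitimate upload, may be deleted
$root    = sys_get_temp_dir() . '/cf7-demo-' . bin2hex(random_bytes(4));
$uploads = "$root/site/uploads";
mkdir($uploads, 0700, true);
file_put_contents("$root/site/wp-config.php", "<?php // constructed stand-in\n");
file_put_contents("$uploads/form.txt", "constructed upload\n");

$report = static function (string $label, bool $ok): void {
    echo str_pad($label, 56), $ok ? 'yes' : 'no', PHP_EOL;
};

// 1. Traversal through the hardened helper.
$report('safe helper deleted ../wp-config.php:', delete_attachment_safe($uploads, '../wp-config.php'));
$report('wp-config.php still present after safe helper:', file_exists("$root/site/wp-config.php"));

// 2. A legitimate relative name inside the uploads directory.
$report('safe helper deleted form.txt:', delete_attachment_safe($uploads, 'form.txt'));

// 3. The same traversal value through the unvalidated helper.
$report('unsafe helper deleted ../wp-config.php:', delete_attachment_unsafe($uploads, '../wp-config.php'));
$report('wp-config.php still present after unsafe helper:', file_exists("$root/site/wp-config.php"));

// Clean up the constructed directory tree.
foreach (["$uploads/form.txt", "$root/site/wp-config.php"] as $f) {
    if (file_exists($f)) {
        unlink($f);
    }
}
rmdir($uploads);
rmdir("$root/site");
rmdir($root);
```

Running the script shows the hardened helper refusing the traversal value while deleting the legitimate upload, and the unvalidated helper removing the wp-config.php stand-in. The important design choice is that the containment check is made on the realpath() result rather than on the raw string: filtering "../" substrings alone is bypassable through encoding and symlink tricks, whereas a canonical-prefix comparison answers the only question that matters, namely where the file actually lives on disk.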
The Wordfence advisory explains:
“This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).”
The vulnerability affects all versions of the plugin up to and including version 3.2.4. Users of the affected plugin are advised to update the plugin to the latest version.
Featured Image by Shutterstock/Everyonephoto Studio