Security Vulnerability Uncovered in the WordPress Plugin 'User Submitted Posts'
A newly identified security vulnerability in the User Submitted Posts WordPress plugin (versions up to 20230902) has been brought to light by the Patchstack team.
This widely used plugin, with over 20,000 active installations, serves the purpose of enabling user-generated content submissions and is developed by Plugin Planet.
The security flaw, discussed in an advisory by Patchstack security researcher Rafie Muhammad and published today, is identified as CVE-2023-45603.
Muhammad elaborates, "This plugin is susceptible to an unauthenticated arbitrary file upload vulnerability."
The weakness lies in the plugin's file upload handling, specifically in the "usp_attach_images" function. An unauthenticated user could upload a file containing PHP code, which the server would then execute, compromising the website.
Muhammad detailed in a blog post that the flaw was discovered in September 2023 and Plugin Planet promptly issued a patch just two days later. By October 10, 2023, the vulnerability had been cataloged in the Patchstack database.
The primary remedial action involved adding a whitelist check before file uploads, as outlined in the technical write-up: "Since the main problem is allowing arbitrary file name extensions to be uploaded, the vendor decided to add a whitelist check before uploading the file to the server."
The latest release of the plugin, version 20230914, has addressed this issue. Users are strongly urged to promptly update their installations to safeguard their websites from this significant security threat.
Muhammad's advice to developers is to "Always check every process of $_FILES parameters in the plugin or theme code" and to ensure thorough verification of filenames and extensions before uploading files.
Additionally, website owners are reminded to conduct code audits to identify potential vulnerabilities and maintain a whitelist of permitted file extensions as a precautionary measure against arbitrary file uploads.
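The following is an added illustration of the defensive pattern described above (an extension allowlist applied to a `$_FILES` entry before the file is stored, plus verification of the file's contents and a server-chosen filename). It is example code written for this article, not the plugin's own code and not Patchstack's; the `usp_example_*` names, the allowlist contents and the constructed sample files are assumptions made here.

```php
<?php
// Added example (not the plugin's code): allowlist-based validation of one
// $_FILES entry before it is moved into the uploads directory.

const USP_EXAMPLE_ALLOWED = [
    // extension => MIME type the file *contents* must report
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry (keys: name, tmp_name, size, error).
 * Returns a safe destination filename on success, or a string beginning
 * with "reject:" describing why the upload was refused.
 */
function usp_example_validate_upload(array $file, array $allowed = USP_EXAMPLE_ALLOWED): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'reject: upload error code ' . ($file['error'] ?? 'unknown');
    }

    // Never trust the client-supplied name: take only the base name and
    // normalise the final extension. The web server decides how to execute
    // a file by its extension, so the allowlist is the decisive control.
    $original = basename((string) ($file['name'] ?? ''));
    $ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
    if ($ext === '' || !array_key_exists($ext, $allowed)) {
        return "reject: extension '$ext' not in allowlist";
    }

    // Check the bytes as well as the name: finfo reads the magic header,
    // so a PHP script renamed to .jpg is caught here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        return "reject: content type '$mime' does not match '.$ext'";
    }

    // For images, additionally require a parseable image header.
    if (@getimagesize($file['tmp_name']) === false) {
        return 'reject: not a parseable image';
    }

    // Store under a random name; the user-supplied name never reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Full handler shape for a real request (assumed wrapper, not run below):
 * confirm the temp file really came from this request, validate, then move.
 */
function usp_example_store_upload(array $file, string $uploadDir): string
{
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'reject: not an uploaded file';
    }
    $result = usp_example_validate_upload($file);
    if (str_starts_with($result, 'reject:')) {
        return $result;
    }
    $dest = rtrim($uploadDir, '/') . '/' . $result;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : 'reject: move failed';
}

// --- demo with constructed inputs (sample files built here, not from the advisory) ---
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $tmpPhp = tempnam(sys_get_temp_dir(), 'usp');
    file_put_contents($tmpPhp, "<?php echo 'hello'; ?>");           // a PHP script
    $tmpPng = tempnam(sys_get_temp_dir(), 'usp');
    file_put_contents($tmpPng, base64_decode(                       // a 1x1 PNG
        'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
    ));

    $cases = [
        'shell.php'     => $tmpPhp, // blocked by the extension allowlist
        'shell.jpg'     => $tmpPhp, // extension allowed, content is PHP: blocked by finfo
        'shell.php.jpg' => $tmpPhp, // last extension allowed, content still blocked
        'pixel.png'     => $tmpPng, // genuine image: accepted and renamed
    ];
    foreach ($cases as $name => $tmp) {
        $entry = ['name' => $name, 'tmp_name' => $tmp, 'size' => filesize($tmp), 'error' => UPLOAD_ERR_OK];
        printf("%-14s -> %s\n", $name, usp_example_validate_upload($entry));
    }
    unlink($tmpPhp);
    unlink($tmpPng);
}
```

Run it from the command line to see the three rejected cases and the accepted image. The point a reviewer should look for in any upload handler is the same order of checks: an allowlist on the final extension (a denylist of ".php" misses ".phtml", ".phar" and server-specific handlers), a content check that does not rely on the client-sent `type` field in `$_FILES`, and a server-generated filename so the original name can never influence the stored path.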
For Further Reference