WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites1. This wide adoption makes it an interesting target for cyber criminals. In this blog post we are going to introduce an authenticated arbitrary file deletion vulnerability in the WordPress core that can lead to attackers executing arbitrary code. The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched. The long time elapsed since the initial reporting without any patch or concrete plans has led us to the decision to make it public.
Affected WordPress Versions
Any WordPress version, including the current 4.9.6 version, is susceptible to the vulnerability described in this blogpost.
Exploiting this Vulnerability
For exploiting the vulnerability discussed in the following an attacker would need to gain the privileges to edit and delete media files beforehand. Thus, the vulnerability can be used to escalate privileges attained through the takeover of an account with a role as low as Author, or through the exploitation of another vulnerability/misconfiguration.
What can an attacker do
Exploiting the vulnerability grants an attacker the capability to delete any file of the WordPress installation (+ any other file on the server on which the PHP process user has the proper permissions to delete). Besides the possibility of erasing the whole WordPress installation, which can have desastrous consequences if no current backup is available, an attacker can make use of the capability of arbitrary file deletion to circumvent some security measures and to execute arbitrary code on the webserver. More precisely, the following files can be deleted:
- .htaccess: In general, deleting this file does not have any security consequences. However, in some occasions, the .htaccess file contains security related constraints (e.g., access constraints to some folders). Deleting this file would deactivate those security constraints.
- index.php files: Oftentimes empty index.php files are placed into directories to prevent directory listing for the case the webserver fails to do so. Deleting those files would grant an attacker a listing of all files in directories protected by this measure.
- wp-config.php: Deleting this file of a WordPress installation would trigger the WordPress installation process on the next visit to the website. This is due to the fact that wp-config.php contains the database credentials, and without its presence, WordPress acts as if it hasn’t been installed yet. An attacker could delete this file, undergo the installation process with credentials of his choice for the administrator account and, finally, execute arbitrary code on the server.
Patch and Fix this Error
The WordPress team published an update in their security and maintenance release 4.9.7 that fixes the vulnerability described in this blog post and a related one discovered later by Wordfence.
Full information about this Vulnerability including technical details can be found here at The RipsTech Blog
Hey There. I found your blog using msn. This is a very well written article.
I’ll be sure to bookmark it and return to read more
of your useful information. Thanks for the post. I’ll definitely
comeback. http://www.mbet88vn.com
And you widespread set be successful in company.
Start article marketing as soon as should.
Heading to automatically amplify all your blogging efforts. http://yncare.net/board/666163
Useful information. Fortunate me I discovered
your website by accident, and I’m stunned why this twist of fate didn’t came about earlier!
I bookmarked it. https://blog.tecmie.com
Useful information. Fortunate me I discovered your website by accident,
and I’m stunned why this twist of fate didn’t came about earlier!
I bookmarked it. https://tecmie.com
I like the valuable information you provide in your articles.
I’ll bookmark your weblog and check again here regularly.
I’m quite certain I’ll learn lots of new stuff right here!
Good luck for the next!
I like the valuable information you provide in your articles.
I’ll bookmark your weblog and check again here regularly.
I’m quite certain I’ll learn lots of new stuff right here!
Good luck
Hello there! I know this is somewhat off topic but
I was wondering if you knew where I could find a captcha plugin for
my comment form? I’m using the same blog platform
as yours and I’m having difficulty finding one?
Thanks a lot!
bookmarked!!, I like your website!
Hey I know this is off topic but I was wondering if you
knew of any widgets I could add to my blog that
automatically tweet my newest twitter updates. I’ve been looking for a plug-in like this for quite
some time and was hoping maybe you would have some experience with
something like this. Please let me know if you run into anything.
I truly enjoy reading your blog and I look forward to your new
updates.
Wow, amazing blog layout! How long have you been blogging for?
you made blogging look easy. The overall look of your website is fantastic,
let alone the content!
At the time being, for over a year
My partner and I stumbled over here by a different web address and thought
I might as well check things out. I like what I see so now i am
following you. Look forward to going over your web page repeatedly.
Hey There. I found your blog using msn. This is a really well written article.
I’ll be sure to bookmark it and return to read more of your useful info.
Thanks for the post. I will definitely comeback.
Thanks a lot, we appreciate
Keep this going please, great job!
These are truly fantastic ideas in on the topic of blogging.
You have touched some good points here. Any way keep up
wrinting.
Its like you read my mind! You appear to know a lot about
this, like you wrote the book in it or something.
I think that you can do with some pics to drive the message home a bit, but other than that, this is
excellent blog. A great read. I’ll definitely be back.
Hi, I want to subscribe for this website to get most recent updates, thus where can i
do it please help.
There is a subscription link on our homepage
Howdy! Someone in my Facebook group shared this website with
us so I came to check it out. I’m definitely loving the information. I’m
bookmarking and will be tweeting this to my followers!
Excellent blog and fantastic design and style.
Hi, I think your website might be having browser compatibility issues.
When I look at your blog site in Firefox, it looks
fine but when opening in Internet Explorer, it has some overlapping.
I just wanted to give you a quick heads up! Other then that, excellent blog!
Thanks a lot for your input, we will definitely look into browser compatibility issues
Hey there, You have done a great job. I will definitely
digg it and personally suggest to my friends. I’m sure they will be benefited from
this website.
Definitely consider that that you said. Your favorite justification appeared to be at the web the simplest factor
to understand of. I say to you, I certainly get irked whilst folks consider worries that they plainly don’t
know about. You controlled to hit the nail upon the top and also outlined out the entire thing without having side effect
Hi there, I enjoy reading all of your article post.
I like to write a little comment to support you.
Incredible! This blog looks exactly like my old one!
It’s on a totally different subject but it has pretty much
the same layout and design. Wonderful choice of colors!
Great web site you have here.. It’s difficult to find quality writing like yours
these days. I really appreciate people like you! Take care!!
Great post. I was checking constantly this blog and I am impressed!
Extremely helpful info specially the last part
🙂 I care for such information a lot. I was
looking for this particular info for a very long time. Thank you and
good luck.