Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.
The vulnerability of type CWE-434 (Unrestricted Upload of File with Dangerous Type) results from the lack of proper verification of the type and content of uploaded files on the server side. An attacker without any authentication can upload a file with a dangerous extension (e.g., PHP) through the frontend form handling mechanism provided by the plugin. Once the malicious file is placed on the server, the attacker can then execute its contents, gaining remote control of the server.
An attacker can gain the ability to execute arbitrary code (RCE) on the server hosting the vulnerable WordPress installation, which can consequently lead to complete server compromise, data theft, installation of backdoors, and further lateral movement within the infrastructure.
The Frontend Admin by DynamiApps plugin should be immediately updated to a version higher than 3.18.3, in accordance with information available from the vendor and in the Patchstack database. Until the update is applied, it is recommended to disable the plugin. It is also advisable to conduct a file audit on the server to detect any potentially already uploaded malicious files.
The WordPress Frontend Admin by DynamiApps plugin (acf-frontend-form-element) in versions from its initial release through 3.18.3 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HDynamiapps Frontend Admin
APPDynamiapps≤ 3.18.3
Related vulnerabilities
Auth Bypass i privilege escalation w pluginie Frontend Admin dla WordPress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti K...
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submiss...
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up...
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' paramet...