CVE-2024-11270
Published: 08 January 2025
Description
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
Security Summary
CVE-2024-11270 is an arbitrary file creation vulnerability in the WordPress Webinar Plugin – WebinarPress for WordPress, affecting all versions up to and including 1.33.24. The issue arises from a missing capability check on the 'sync-import-imgs' function combined with absent file type validation, classified under CWE-862 (Missing Authorization). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-08.
Authenticated attackers possessing subscriber-level access or higher can exploit this vulnerability over the network with low complexity and no user interaction required. By leveraging the flawed function, they can upload and create arbitrary files on the server, which may enable remote code execution depending on server configuration and file placement.
The mitigation is to update the plugin to a fixed release: the fix was applied in changeset 3216237 in the WordPress plugin Trac repository, which modifies the file wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php. Further technical details and threat intelligence are documented on the Wordfence vulnerability page for this CVE.
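To make the two missing controls concrete, the following is an added illustration written for this page, not code from the WebinarPress plugin or from changeset 3216237. It sketches a WordPress AJAX handler that imports an image from a URL into the media library, with the capability check and the file type validation that the advisory says the vulnerable function lacked. The action name, nonce name and request parameters are hypothetical; only the WordPress API calls are real.

```php
<?php
// Added example (not the plugin's own code): a WordPress AJAX handler that
// fetches an image from a URL and stores it, written with the controls the
// advisory describes as missing. The action and parameter names are made up.

require_once ABSPATH . 'wp-admin/includes/file.php';   // download_url()
require_once ABSPATH . 'wp-admin/includes/media.php';  // media_handle_sideload()
require_once ABSPATH . 'wp-admin/includes/image.php';  // thumbnail generation

// 'wp_ajax_' (without 'nopriv') only guarantees the caller is logged in;
// a subscriber-level account satisfies that, so it is not an authorization check.
add_action( 'wp_ajax_example_sync_import_imgs', 'example_sync_import_imgs' );

function example_sync_import_imgs() {
    // 1. Authorization (the missing capability check, CWE-862): require a
    //    capability that subscribers do not have. 'upload_files' is the
    //    smallest capability that fits a media-import feature.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // calls wp_die(), nothing below runs
    }

    // 2. CSRF protection for the AJAX action (nonce name is hypothetical).
    check_ajax_referer( 'example_sync_import_imgs', 'nonce' );

    // 3. Take the source URL from the request and restrict it to http(s).
    $url = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $scheme = wp_parse_url( $url, PHP_URL_SCHEME );
    if ( '' === $url || ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        wp_send_json_error( 'missing or unsupported url', 400 );
    }

    // 4. Fetch into a temporary file whose name the caller does not control.
    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        wp_send_json_error( 'download failed', 502 );
    }

    // 5. File type validation (the missing check): derive a sanitized name from
    //    the URL path and let WordPress verify extension *and* content against
    //    an explicit allow-list of image types. A file that is not one of these
    //    (for example anything executable by the web server) is discarded.
    $name  = sanitize_file_name( wp_basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );
    $check = wp_check_filetype_and_ext( $tmp, $name, array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    ) );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        @unlink( $tmp );
        wp_send_json_error( 'not an allowed image type', 415 );
    }
    // If WordPress corrected the extension to match the content, use that name.
    if ( ! empty( $check['proper_filename'] ) ) {
        $name = $check['proper_filename'];
    }

    // 6. Hand the file to the media library: it is stored under the uploads
    //    directory with a unique, sanitized file name, never at a caller-chosen path.
    $file = array(
        'name'     => $name,
        'type'     => $check['type'],
        'tmp_name' => $tmp,
        'error'    => 0,
        'size'     => filesize( $tmp ),
    );
    $attachment_id = media_handle_sideload( $file, 0 );
    if ( is_wp_error( $attachment_id ) ) {
        @unlink( $tmp );
        wp_send_json_error( $attachment_id->get_error_message(), 500 );
    }

    wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}
```

Two design points matter here. First, the capability check has to be an explicit current_user_can() call: registering the handler only under wp_ajax_ (and not wp_ajax_nopriv_) keeps anonymous users out but still admits every subscriber, which is exactly the access level the advisory names. Second, the type check must look at the file content, not just the extension or the client-supplied MIME type; wp_check_filetype_and_ext() does that against an allow-list, and media_handle_sideload() then decides the final location and name, so the request cannot choose where the file ends up.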
Details
- CWE(s)