CVE-2024-12854
Published: 08 January 2025
Description
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Security Summary
CVE-2024-12854 is an arbitrary file upload vulnerability in the Garden Gnome Package plugin for WordPress, affecting all versions up to and including 2.3.0. The flaw arises from missing file type validation in the functionality that automatically extracts uploaded 'ggpkg' files, allowing malicious files to be processed and stored on the server.
Authenticated attackers with Author-level access or higher can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables the upload of arbitrary files to the affected WordPress site's server, which may lead to remote code execution. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type).
Advisories from Wordfence and the WordPress plugin trac repository detail the issue, with a patch available in changeset 3215986 of the Garden Gnome Package plugin repository.
Details
- CWE(s)