In today's post, we'll be discussing a vulnerability that was discovered in a popular WordPress plugin, JobSearch WP Job Board. This plugin provides various functionalities for creating job board websites with WordPress.
CVE Identifier: CVE-2024-8614
Vulnerable WordPress Plugin: JobSearch WP Job Board
Affected Versions: Up to and including 2.6.7
Vulnerability Type: Arbitrary File Upload (Missing File Type Validation)
An attacker with authorized access to a WordPress site, having subscriber privileges or above, can upload arbitrary files on the affected site's server, possibly leading to remote code execution. This is primarily due to a missing file type validation check in the jobsearch_wp_handle_upload() function of the JobSearch WP Job Board plugin.
Exploit Details
The core vulnerability lies in the jobsearch_wp_handle_upload() function, which is generally used to handle file uploads for various functionalities provided by the plugin. In affected versions, the function does not validate the uploaded file's type, allowing a malicious attacker to upload arbitrary files, potentially leading to remote code execution.
Here's the code snippet from the vulnerable function (in versions up to and including 2.6.7)
function jobsearch_wp_handle_upload($file, $upload_dir = '', $mimes = array())
{
$time = current_time('mysql');
if (isset($_POST['action']) && $_POST['action'] == 'jobsearch_admin_ajax_jobsearch_wp_handle_upload') {
//...
}
//...
$uploads = wp_upload_dir($time);
if (!empty($upload_dir)) {
$uploads['path'] .= '/' . $upload_dir;
$uploads['url'] .= '/' . $upload_dir;
}
//...
}
As visible in the above code snippet, the function does not validate the uploaded file's type before processing the file upload. This essentially makes it possible for an attacker to exploit the vulnerability by uploading a malicious file to the server.
It is highly recommended for users to update the JobSearch WP Job Board plugin to the latest version (2.6.8 and above), wherein the developers have fixed the vulnerability by implementing proper file type validation.
Original References
1. JobSearch WP Job Board Plugin Homepage
2. CVE-2024-8614 Official Advisory
3. JobSearch WP Job Board Plugin Changelog
To protect your WordPress site from this vulnerability, please follow these steps
1. Update the JobSearch WP Job Board plugin to the latest version (2.6.8 or above), which has fixed the vulnerability.
2. Regularly update your WordPress core, plugins, and themes to ensure you're protected from any known security vulnerabilities.
Wrap Up
The arbitrary file upload vulnerability in the JobSearch WP Job Board plugin for WordPress (CVE-2024-8614) can lead to remote code execution if exploited by an attacker with at least subscriber-level access to the website. It is crucial to update the plugin to the latest version (2.6.8 or above), as the developers have fixed the vulnerability by implementing proper file type validation in the jobsearch_wp_handle_upload() function. In addition, always keep your WordPress site updated and follow best practices to maintain a secure environment.
Timeline
Published on: 11/06/2024 09:15:04 UTC
Last modified on: 11/08/2024 20:23:41 UTC