CVE-2024-8425
CRITICALCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Analysis
The WooCommerce Ultimate Gift Card plugin through version 2.6.0 contains unauthenticated arbitrary file uploads in the mail preview and cart functions. Insufficient file type validation allows attackers to upload PHP webshells through the gift card functionality, achieving remote code execution on e-commerce sites.
Technical Context
The mwb_wgm_preview_mail and mwb_wgm_woocommerce_add_cart_item_data functions process file uploads for gift card customization without proper file type validation. An unauthenticated attacker can upload PHP files through these endpoints, which are stored in web-accessible directories. The uploaded PHP can be executed directly via HTTP.
Affected Products
['WooCommerce Ultimate Gift Card <= 2.6.0']
Remediation
Update to a version beyond 2.6.0. Restrict uploaded file types to images only. Configure the web server to block PHP execution in upload directories. Scan upload directories for PHP files.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today