By kannthu
The "WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download" module is designed to detect a vulnerability in the WordPress plugin Cherry version 1.2.7 and below. This vulnerability allows an attacker to upload files directly to the server without authentication. The severity of this vulnerability is classified as high.
If exploited, this vulnerability can lead to unauthorized access to sensitive files on the server. An attacker could potentially upload malicious files or backdoors, compromising the security and integrity of the WordPress website.
The module sends an HTTP GET request to the vulnerable endpoint, using a path traversal value in the file parameter to request wp-config.php:
/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php
The module then checks for specific words in the response body, such as "DB_NAME" and "DB_PASSWORD", to confirm the presence of sensitive information. Additionally, it verifies that the HTTP response status is 200.
If both conditions are met, the module reports a vulnerability, indicating that the WordPress Cherry plugin is susceptible to unauthenticated arbitrary file upload and download.
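For defenders, the same request pattern can be searched for in web server access logs. The following is an added example, not part of the Vidoc module: it assumes Combined Log Format, the log lines are constructed, and the function names and the "served"/"attempt" verdict labels are hypothetical. It goes slightly beyond the single request above by also catching percent-encoded and double-encoded traversal values.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter name come from the module description; the rest is assumed.
ENDPOINT = "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"
LOG_RE = re.compile(  # Combined Log Format: ip - - [time] "METHOD target PROTO" status size
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /blog/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=sample-export.zip HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.21 - - [10/Mar/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the file value climbs out of its directory or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/") or v.startswith("/")

def scan(lines):
    """Return one finding per traversal-style request to the Cherry download endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        url = urlsplit(m["target"]) if m else None
        if url is None or not fully_decode(url.path).endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                # 200 matches the module's status condition; the body is not in the log.
                verdict = "served" if m["status"] == "200" else "attempt"
                findings.append({"ip": m["ip"], "time": m["time"],
                                 "file": fully_decode(value), "verdict": verdict})
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A "served" finding only shows that the server answered 200; confirming disclosure still requires checking whether the response contained the wp-config.php contents.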