CVE-2018-14028
CVSS V2 Medium 6.5
CVSS V3 High 7.2
Description
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.
Overview
- CVE ID
- CVE-2018-14028
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2018-08-10T16:29:00
- Last Modified Date
- 2018-10-10T13:06:52
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:wordpress:wordpress:4.9.7:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 7.2
- Base Severity
- HIGH
- Exploitability Score
- 1.2
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/ | Third Party Advisory |
| https://github.com/rastating/wordpress-exploit-framework/pull/52 | Third Party Advisory |
| https://core.trac.wordpress.org/ticket/44710 | Third Party Advisory |
| http://www.securityfocus.com/bid/105060 | Third Party Advisory VDB Entry |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2018-14028 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14028 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:33:30 | Added to TrackCVE | |||
| 2022-12-03 11:03:26 | 2018-08-10T16:29Z | 2018-08-10T16:29:00 | CVE Published Date | updated |
| 2022-12-03 11:03:26 | 2018-10-10T13:06:52 | CVE Modified Date | updated | |
| 2022-12-03 11:03:26 | Analyzed | Vulnerability Status | updated |