Home > Vulnerability Database > CVE-2018-14028

Mend.io Vulnerability Database

CVE-2018-14028

Date: August 10, 2018

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.

Severity Score

7.2

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2018-14028

Url: https://core.trac.wordpress.org/ticket/44710

Url: https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/

Url: https://github.com/rastating/wordpress-exploit-framework/pull/52

Url: http://www.securityfocus.com/bid/105060

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-14028

Url: https://www.mend.io/vulnerability-database/CVE-2018-14028

Severity Score

7.2

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-14028

Date: August 10, 2018

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?