Earlier this week, an arbitrary file upload vulnerability was found in the popular WordPress plugin WooCommerce Checkout Manager, which extends the functionality of the well-known WooCommerce plugin.

The vulnerability was publicly disclosed by pluginvulnerabilities.com, which continues its protest against the WordPress forum moderators.

At the time of writing this article, the vulnerability in WooCommerce Checkout Manager is not patched and potentially puts more than 60,000 websites at risk.


The vulnerability affects users who have enabled the “Categorize Uploaded Files” option in the plugin settings.

The vulnerable functionality is the one that lets users and visitors upload files through a form at checkout. However, even if your site’s form has no file upload field, you are still vulnerable as long as the option mentioned above is enabled.

On the technical side, the vulnerability is in the “includes/admin.php” file at line 2084, where the application moves the submitted files to a directory using “move_uploaded_file” without first checking that the file type is allowed.

The vulnerable function is accessible to both registered users and visitors, because the AJAX hooks are registered for non-authenticated users as well.

Since there is no privilege or permission check before a file is uploaded, exploiting the vulnerability in WooCommerce Checkout Manager is simple and doesn’t require the attacker to be registered on the site.
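The checks described above as missing can be sketched as a WordPress AJAX upload handler. This is an added example, not the plugin's code or its eventual patch; the `example_*` hook, nonce and field names are hypothetical, and it assumes uploads are limited to logged-in users.

```php
<?php
// Added example. Hook, nonce and field names (example_*) are hypothetical.
// Assumes it is loaded inside WordPress, e.g. from a plugin file.

// Register only the authenticated hook. A matching wp_ajax_nopriv_* hook
// would make the handler reachable by visitors who are not logged in.
add_action( 'wp_ajax_example_checkout_upload', 'example_checkout_upload' );

function example_checkout_upload() {
    // 1. Verify the nonce issued when the form was rendered.
    //    check_ajax_referer() terminates the request if it does not match.
    check_ajax_referer( 'example_checkout_upload', 'nonce' );

    // 2. Make sure a file actually arrived without a PHP upload error.
    if ( empty( $_FILES['example_file'] )
        || UPLOAD_ERR_OK !== $_FILES['example_file']['error'] ) {
        wp_send_json_error( 'No file received', 400 );
    }

    // 3. Allowlist of extension => MIME type. Anything else is rejected,
    //    including .php and other server-executable types.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );

    // 4. wp_handle_upload() confirms the file is a real HTTP upload, checks
    //    its type against $allowed, picks a unique filename and only then
    //    moves it into the uploads directory. This replaces a bare
    //    move_uploaded_file() call.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['example_file'],
        array(
            'test_form' => false,   // the nonce check above covers the form
            'mimes'     => $allowed,
        )
    );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

If guest uploads at checkout are a required feature, the nonce and the type allowlist still apply to the `nopriv` handler.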

If you are using the WooCommerce Checkout Manager plugin, please disable the “Categorize Uploaded Files” option on the plugin settings page, or disable the plugin completely, until the developers release a patched version.

The WebARX web application firewall (WAF) already protects against this attack, and WebARX users are safe.