Intrusion PreventionWordPress.wpStoreCart.Plugin.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in wpStoreCart Plugin for WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.
Affected Products
wpStoreCart Plugin for WordPress 2.5.27
wpStoreCart Plugin for WordPress 2.5.28
wpStoreCart Plugin for WordPress 2.5.29
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://plugins.trac.wordpress.org/changeset?old_path=%2Fwpstorecart&old=555124&new_path=%2Fwpstorecart&new=555124
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-02-01 | 14.540 | Name:Wordpress. wpStoreCart. Plugin. Arbitrary. File. Upload:WordPress. wpStoreCart. Plugin. Arbitrary. File. Upload |
References
http://www.exploit-db.com/exploits/19023/| ID | 34832 |
| Created | Mar 20, 2013 |
| Updated | Jan 31, 2019 |
| Risk |
|
| CVE ID | CVE-2012-3576 |
| Exploit Prediction Score | 38.26% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |