Support » Plugin: MiniMax - Page Layout Builder » vulnerability in upload system

  • Resolved aspictech

    (@aspictech)


    Hi everyone,

    My wordpress was recently hacked through your plugin.
    In my web server logs, the hacker used a POST request in page “/wp-admin/admin-post.php?page=page-layout-builder&action=upload_logo&task=uploadlogo”.
    Doing this, he put a php file in the folder “/wp-content/plugins/page-layout-builder/images/”.
    I’m surehe wasn’t logged on the wordpress.

    I found a similar vulnerability on another plugin. Here is the vulerability :
    http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
    And the fix for the plugin :
    https://plugins.trac.wordpress.org/changeset/941314/wysija-newsletters/tags/2.6.7/helpers/back.php

    What I understand is that page layout builder doesn’t check that users are allowed to upload files. I thought WordPress would ensure this, but..

    Note that function uploadfavicon has the same weakness…

    We are trying to fix this internally waiting for an official update from you !

    Thanks for the plugin 🙂

    https://wordpress.org/plugins/page-layout-builder/

    EDIT :

    We tried something in file page-layout-builder.php, by replacing :

    add_action(‘init’, ‘upload_logo’, 0);
    add_action(‘init’, ‘upload_favicon’, 0);

    by this :

    add_action(‘admin_post_upload_logo’, ‘upload_logo’, 0);
    add_action(‘admin_post_upload_favicon’, ‘upload_favicon’, 0);

    Hope it helps.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘vulnerability in upload system’ is closed to new replies.