Immediate Action Required for Media from FTP Plugin

A Broken Access Control vulnerability has been identified in the WordPress Media from FTP plugin. This vulnerability could allow an unprivileged user to upload arbitrary files to the website, potentially compromising the security of the website. This plugin vulnerability, discovered and responsibly reported by Marc-Alexandre Montpas, could potentially compromise the website’s integrity and security.

The vulnerability is a Broken Access Control vulnerability that occurs in the class-media-from-ftp.php file. The vulnerability allows an unprivileged user to upload arbitrary files to the website by specifying a malicious file path in the file parameter of the upload_file function.

Severity:

With a CVSS 3.1 score of 6.3, this vulnerability is classified as medium severity.

Affected Versions:

The vulnerability affects Media from FTP plugin versions prior to 11.16.

Impact:

An attacker who successfully exploits this vulnerability could upload arbitrary files to the website, such as malicious scripts or malware. These files could then be executed by visitors to the website, potentially leading to a variety of security risks, such as:

Stealing cookies or session tokens
Hijacking user accounts
Conducting phishing attacks
Damaging the website’s files or database

Recommendation:

To protect the website and users from potential exploitation, swift and decisive action is essential:

Update Immediately: Ensure the Media from FTP Plugin is updated to at least version 11.16 or the latest available version. This update contains critical fixes to address the Broken Access Control vulnerability and enhance the overall security of the plugin.
Regular Security Audits: Conduct routine security audits of the WordPress website to identify and rectify vulnerabilities proactively. Regular updates and patches are pivotal for maintaining a secure environment.
Stay Informed: Monitor official sources for any updates or advisories related to the Media from FTP Plugin. Timely updates and awareness are key to ensuring your website’s security.

Immediate Action Required for Media from FTP Plugin

Severity:

Affected Versions:

Impact:

Recommendation:

Related Articles

PHP Object Injection vulnerability in WordPress Essential Blocks Pro Plugin

Cross-Site Scripting (XSS) vulnerability in WordPress AcyMailing SMTP Newsletter Plugin

High-Severity Broken Access Control Vulnerability in WooCommerce Warranty Requests Plugin

SQL Injection Vulnerability in TI WooCommerce Wishlist Plugin

Privilege Escalation vulnerability in WordPress Simple Membership Plugin

Arbitrary File Upload vulnerability in WordPress My Account Page Editor for WooCommerce Plugin

Categories

Latest Blog Updates

Unmasking a Persistent Malware Attack on a WordPress Website

Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

Unmasking a Hidden Malware Attack Targeting Users from Search Results

Critical Broken Access Control Vulnerability in WP Travel Plugin

Critical Broken Access Control Vulnerability in WooODT Lite Plugin

Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin