CVE-2017-16949

high-risk
Published 2017-12-19

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.

Do I need to act?

!
38.8% chance of exploitation in next 30 days
EPSS score — higher than 61% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
43324
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Accesspressthemes

References (6)

Exploit http://packetstormsecurity.com/files/145398/Accesspress-Anonymous-Post-Pro-Unaut...
Exploit https://wpvulndb.com/vulnerabilities/8977
Exploit https://www.exploit-db.com/exploits/43324/
Exploit http://packetstormsecurity.com/files/145398/Accesspress-Anonymous-Post-Pro-Unaut...
Exploit https://wpvulndb.com/vulnerabilities/8977
Exploit https://www.exploit-db.com/exploits/43324/
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal