High
Wordpress Post Meta Entry RCE
Add Reference
Description
URL
Type
High
(1 user assessed)
Low
(1 user assessed)Unknown
Unknown
Unknown
Wordpress Post Meta Entry RCE
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
Exploiting a local file inclusion vulnerability and directory traversal vulnerability in Wordpress versions 5.0.0 and prior to v4.9.9 can result in RCE.
Add Assessment
Ratings
-
Attacker ValueHigh
-
ExploitabilityLow
Technical Analysis
Details
This exploit requires authentication and either the php-imagick or php-gd extension to be installed. Exploiting this vulnerability with only
the php-gd extension installed will require more work when crafting the JPEG because the php-gd extension compresses the image and strips it of
its exif metadata. This is still a valuable exploit due to the large user base of the application.
General Information
References
Advisory
Miscellaneous
Additional Info
Technical Analysis
Report as Exploited in the Wild
What do we mean by "exploited in the wild"?
By selecting this, you are verifying to the AttackerKB community that either you, or a reputable source (example: a security vendor or researcher), has observed an active attempt by attackers, or IOCs related, to exploit this vulnerability outside of a research environment.
A vulnerability should also be considered "exploited in the wild" if there is a publicly available PoC or exploit (example: in an exploitation framework like Metasploit).
