• Resolved cjcsonka

    (@cjcsonka)


    Our WP site runs the WPScan security plugin which keeps reporting a security vulnerability with this plugin:

    *Plugin Connections Business Directory* Connections Business Directory <= 10.4.66 – Authenticated (Admin+) Arbitrary Directory Deletion – Not fixed.

    WPScan says: “We are not aware of a fix for this vulnerability.”

    When I click for more details, it says:

    “The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content.”

    Is there a fix for this issue?

    • This topic was modified 3 weeks, 4 days ago by James Huff.
    • This topic was modified 3 weeks, 4 days ago by James Huff. Reason: redundant link removed


Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Steven

    (@shazahm1hotmailcom)

    Here’s the reported issue:

    The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content.

    The significant bit is that this requires admin-level access. So, this issue can only affect you if you have an admin you do not trust, or someone gains unauthorized admin-level access. However, an admin-level user can already cause “arbitrary directory deletion,” even on a clean install of WP with no plugins installed using the plugin or theme editor and one line of code. The threat level is low.

    WP takes security very seriously, as they should, so they have removed the Connections until this is resolved. This issue is quick and easy to resolve, but WP requires a review afterward. Unfortunately, this can take many months. I hope this is not the case.

    I have developed a working solution and hope to submit it ASAP. However, I need more time to add additional validations and ensure any new requirements are met, as a new plugin review is required as part of the submission.

    I hope this helps and alleviates any concerns.
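The reported weakness is insufficient file path validation before a directory is deleted. As an added illustration of the defensive pattern (this is not code from Connections Business Directory, and the function names, the `$base` argument and the temp-directory demo are hypothetical), the helper below refuses to delete anything that does not resolve strictly inside a fixed base directory, which is the check the vulnerability description says was missing:

```php
<?php
// Added example, not plugin code: constrain a directory-deletion helper to a
// fixed base directory before removing anything. cn_safe_delete_image_dir(),
// cn_rmdir_recursive() and $base are hypothetical names.

/**
 * Delete $dir only if it resolves to a location strictly inside $base.
 * Returns true on success, false if the path escapes $base, is $base itself,
 * or does not exist.
 */
function cn_safe_delete_image_dir( string $base, string $dir ): bool {
    // realpath() collapses "..", symlinks and duplicate separators and returns
    // false for a non-existent path; a false here is treated as a refusal.
    $real_base = realpath( $base );
    $real_dir  = realpath( $dir );
    if ( false === $real_base || false === $real_dir ) {
        return false;
    }
    $real_base = rtrim( $real_base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    $candidate = $real_dir . DIRECTORY_SEPARATOR;

    // Target must share the base prefix AND must not be the base itself.
    if ( 0 !== strpos( $candidate, $real_base ) || $candidate === $real_base ) {
        return false;
    }

    return cn_rmdir_recursive( $real_dir );
}

/** Remove a directory tree without following symlinks into other locations. */
function cn_rmdir_recursive( string $dir ): bool {
    foreach ( scandir( $dir ) as $entry ) {
        if ( '.' === $entry || '..' === $entry ) {
            continue;
        }
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        // A symlinked directory is unlinked as a link, never descended into.
        if ( is_dir( $path ) && ! is_link( $path ) ) {
            cn_rmdir_recursive( $path );
        } else {
            unlink( $path );
        }
    }
    return rmdir( $dir );
}

// Demonstration on a constructed temp tree (not a real site's uploads folder).
$base = sys_get_temp_dir() . '/cn_demo_uploads';
@mkdir( $base . '/connection-images/entry-42', 0700, true );
file_put_contents( $base . '/connection-images/entry-42/photo.txt', 'x' );

var_dump( cn_safe_delete_image_dir( $base, $base . '/connection-images/../../' ) ); // bool(false): escapes base
var_dump( cn_safe_delete_image_dir( $base, $base ) );                                 // bool(false): base itself
var_dump( cn_safe_delete_image_dir( $base, $base . '/connection-images/entry-42' ) ); // bool(true)
var_dump( is_dir( $base . '/connection-images/entry-42' ) );                          // bool(false): gone
```

In a real WordPress plugin the natural `$base` is the site's uploads directory (`wp_upload_dir()['basedir']`), and the same check belongs in front of every delete, rename or move that takes a path derived from request input; capability checks such as `current_user_can()` limit who may trigger the operation, while the path check limits what it may touch, and both are needed.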

    Thread Starter cjcsonka

    (@cjcsonka)

    Hey Steven (@shazahm1hotmailcom), thanks for providing additional context for this issue and working on a solution. While still a vulnerability, I currently have no immediate concerns, but will continue to monitor the issue and stand by for your solution to be implemented.
