
Zero Day Vulnerability in WP CopySafe Web and WP CopySafe PDF WordPress Plugins

This entry was posted in WordPress Security on June 6, 2014 by Mark Maunder

Update: The issue has been confirmed, the plugins have been temporarily removed from the repository until the author fixes the issue. Please uninstall until the author releases a fix.

WP-CopySafe-Web and WP-CopySafe-PDF plugins have a serious Zero Day shell upload vulnerability. Scripts that exploit this vulnerability are being sold on hacker sites and first appeared 3 days ago.

We have tested and verified that having the current version of either plugin installed in your WordPress installation will allow anyone, registered or not, to upload arbitrary files to your WordPress site. This allows a hacker to upload a PHP shell to exploit your system.

The specific issue in both plugins is that the author uses the “Uploadify” library which is notorious for exposing file upload vulnerabilities and in this case it allows unauthenticated users to upload arbitrary files. We verified we could upload a file via cURL without any authentication and sending no cookies.

We have notified the author of the plugins and hope the author will release a fix soon. In the meantime, please immediately remove both plugins from your site.
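For site owners who manage more than one install, the following triage script is an added example (it is not Wordfence code and not part of the original post). It checks a WordPress root for three things the advisory above makes relevant: whether either affected plugin directory is present, whether an Uploadify upload handler ships inside any plugin, and whether any PHP files sit under wp-content/uploads, which is where an unauthenticated upload would land. The plugin directory slugs (`wp-copysafe-web`, `wp-copysafe-pdf`) and the Uploadify handler file name (`uploadify.php`) are assumptions, since the post names the plugins and the library but not their on-disk paths; the sample site it builds for a dry run is constructed.

```python
"""Triage helper for the WP CopySafe advisory (added example, not Wordfence code).

Reports affected plugin directories, Uploadify upload handlers, and PHP files
under wp-content/uploads for a given WordPress root.
"""
import tempfile
from pathlib import Path

# Assumed plugin directory slugs; the advisory names the plugins but not their slugs.
AFFECTED_SLUGS = ("wp-copysafe-web", "wp-copysafe-pdf")
# Assumed handler file name from the stock Uploadify package; the advisory names only the library.
UPLOADIFY_HANDLER = "uploadify.php"
# Extensions that common PHP handler configurations will execute.
SUSPECT_EXTENSIONS = {".php", ".phtml", ".php5", ".phar"}


def find_affected_plugins(wp_root):
    """Return affected plugin directory names present under wp-content/plugins."""
    plugins_dir = Path(wp_root) / "wp-content" / "plugins"
    if not plugins_dir.is_dir():
        return []
    return sorted(p.name for p in plugins_dir.iterdir()
                  if p.is_dir() and p.name.lower() in AFFECTED_SLUGS)


def find_uploadify_handlers(wp_root):
    """Return plugin-relative paths of every Uploadify upload handler found."""
    plugins_dir = Path(wp_root) / "wp-content" / "plugins"
    if not plugins_dir.is_dir():
        return []
    return sorted(p.relative_to(plugins_dir).as_posix()
                  for p in plugins_dir.rglob(UPLOADIFY_HANDLER) if p.is_file())


def find_php_in_uploads(wp_root):
    """Return uploads-relative paths of files that carry a PHP extension anywhere
    in their name (so shell.php.jpg is flagged too, since some Apache AddHandler
    setups execute it)."""
    uploads_dir = Path(wp_root) / "wp-content" / "uploads"
    if not uploads_dir.is_dir():
        return []
    return sorted(p.relative_to(uploads_dir).as_posix()
                  for p in uploads_dir.rglob("*")
                  if p.is_file()
                  and any(s.lower() in SUSPECT_EXTENSIONS for s in p.suffixes))


def triage(wp_root):
    """Run all three checks and return a dict of findings."""
    return {
        "affected_plugins": find_affected_plugins(wp_root),
        "uploadify_handlers": find_uploadify_handlers(wp_root),
        "php_in_uploads": find_php_in_uploads(wp_root),
    }


def build_sample_site():
    """Construct a fake WordPress layout in a temp dir for a dry run (constructed data)."""
    root = Path(tempfile.mkdtemp(prefix="wp-triage-"))
    for slug in ("wp-copysafe-web", "wp-copysafe-pdf", "akismet"):
        (root / "wp-content" / "plugins" / slug).mkdir(parents=True)
    for slug in ("wp-copysafe-web", "wp-copysafe-pdf"):
        handler = root / "wp-content" / "plugins" / slug / "uploadify" / UPLOADIFY_HANDLER
        handler.parent.mkdir(parents=True)
        handler.write_text("<?php /* constructed stand-in for the upload handler */\n")
    uploads = root / "wp-content" / "uploads" / "2014" / "06"
    uploads.mkdir(parents=True)
    (uploads / "photo.jpg").write_bytes(b"\xff\xd8\xff")      # benign image, not flagged
    (uploads / "shell.php").write_text("<?php // constructed placeholder\n")
    (uploads / "shell.php.jpg").write_text("<?php // constructed placeholder\n")
    return str(root)


if __name__ == "__main__":
    site = build_sample_site()
    for key, value in triage(site).items():
        print(f"{key}: {value}")
```

Any non-empty `affected_plugins` or `php_in_uploads` result is the cue to remove the plugins as the advisory says and to inspect the flagged uploads before deleting them; an empty report is not a clean bill of health for anything beyond these three checks.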

Note that normally we would wait for the author to release a fix before notifying the general public, but because hackers are already distributing exploit scripts for this vulnerability, we decided that the prudent course of action is to immediately notify the subscribers of our WordPress Security mailing list (sign-up at the bottom of our home page). We don’t see why hackers should have an unfair advantage while you wait for the author to fix the security hole.


2 Comments on "Zero Day Vulnerability in WP CopySafe Web and WP CopySafe PDF WordPress Plugins"

Herbert A. Eberth June 17, 2014 at 11:02 am • Reply

The Plugin I use is WP-CopyProtect (not WP CopySafe Web or WP CopySafe PDF). Is this plugin also affected?

Regards
Herbert

mark June 17, 2014 at 1:18 pm • Reply

I literally glanced at the code and it looks safe if it's this one you're using:

http://plugins.svn.wordpress.org/wp-copyprotect/tags/3.0.0/

Regards,

Mark.
