CVE-2018-14028 : Security Advisory and Response

WordPress 4.9.7 allows for the upload of PHP files instead of ZIP files, leading to potential security risks.

Understanding CVE-2018-14028

In the latest version of WordPress, a vulnerability exists that allows for the upload of PHP files instead of valid ZIP files, potentially enabling attackers to execute malicious code.

What is CVE-2018-14028?

WordPress 4.9.7 fails to verify uploaded plugins as valid ZIP files, allowing PHP files to be uploaded instead. Although the plugin extraction fails, the PHP file remains in a predictable location, creating a security risk.

The Impact of CVE-2018-14028

This vulnerability poses a security risk in scenarios where attackers can upload plugins but cannot insert arbitrary PHP code into valid plugin ZIP files due to directory permissions.

Technical Details of CVE-2018-14028

WordPress 4.9.7 vulnerability details

Vulnerability Description

WordPress 4.9.7 does not properly verify uploaded plugins as valid ZIP files
Allows for the upload of PHP files instead
PHP files remain in a known location, enabling potential execution by attackers

Affected Systems and Versions

Affected version: WordPress 4.9.7

Exploitation Mechanism

Attackers can exploit this vulnerability by uploading PHP files instead of ZIP files

Mitigation and Prevention

Protecting against CVE-2018-14028

Immediate Steps to Take

Update WordPress to the latest version to patch the vulnerability
Monitor wp-content/uploads directory for any suspicious PHP files

Long-Term Security Practices

Regularly review and adjust directory permissions to prevent unauthorized uploads
Implement file upload verification mechanisms to ensure only valid file types are accepted

Patching and Updates

Apply security patches and updates provided by WordPress to address this vulnerability