Critical File Upload Vulnerability Patched in Akshay Menariya Export Import Menus Plugin

CVE: CVE-2023-34385
CVSS (v3.1): 9.9
Source: CVE-2023-34385

The Export Import Menus plugin for WordPress was found to have a high-severity vulnerability that could allow attackers to upload malicious files. The vulnerability received a CVSS score of 9.9 out of 10.

Export Import Menus is a plugin that allows users to create customizable import and export menus in WordPress. However, versions 1.8.0 and below placed no restriction on the type of file that could be uploaded. Attackers could exploit this to upload a PHP file or another type of executable that would then be run on the server.

This is a common type of attack known as unrestricted file upload. By uploading a file with a dangerous extension such as .php, an attacker gains the ability to run arbitrary code on the server. They can then install backdoors or malware, or delete important files.

If you have the Export Import Menus plugin installed, you should update it immediately to version 1.8.1 or above, which fixes this vulnerability. Website owners should also ensure they are running the latest version of WordPress and of all plugins to protect against known issues. Conducting regular security reviews of plugins and themes is advised.

This vulnerability highlights the importance of restricting file uploads by type. Developers should avoid accepting broad file uploads without validating file extensions and size. Keeping software updated also prevents attackers from exploiting known weaknesses.
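As an added illustration of that validation (this is example code, not the plugin's own), a hardened WordPress handler for a menu-import upload that enforces a capability check, a size cap, a single-extension allowlist and a content check, and never writes the upload to a web-reachable directory. The function name, the `menu_file` form field, the `eim_import` nonce action and the 1 MiB limit are assumptions.

```php
<?php
// Added example, not the plugin's own code. Assumed names: eim_handle_menu_import(),
// the 'menu_file' form field, the 'eim_nonce' field and the 'eim_import' nonce action.
function eim_handle_menu_import() {
    // Importing menus is an administrative action: require the capability and a nonce.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient privileges.' );
    }
    $nonce = isset( $_POST['eim_nonce'] ) ? $_POST['eim_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'eim_import' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request.' );
    }
    if ( empty( $_FILES['menu_file'] ) || UPLOAD_ERR_OK !== $_FILES['menu_file']['error'] ) {
        return new WP_Error( 'no_file', 'No file was uploaded.' );
    }
    $file = $_FILES['menu_file'];

    // Size cap (assumed 1 MiB): a menu export is small, so anything larger is refused.
    if ( $file['size'] > 1048576 || ! is_uploaded_file( $file['tmp_name'] ) ) {
        return new WP_Error( 'too_large', 'File too large or not a real upload.' );
    }

    // Extension allowlist on the client-supplied name: exactly one extension, and it
    // must be .json. This refuses .php, .phtml and double extensions such as x.php.json.
    $name = sanitize_file_name( $file['name'] );
    if ( ! preg_match( '/^[A-Za-z0-9_-]+\.json$/', $name ) ) {
        return new WP_Error( 'bad_ext', 'Only .json menu exports are accepted.' );
    }

    // Validate the content, not only the name: the body must parse as a JSON array/object.
    $contents = file_get_contents( $file['tmp_name'] );
    $data     = json_decode( $contents, true );
    if ( JSON_ERROR_NONE !== json_last_error() || ! is_array( $data ) ) {
        return new WP_Error( 'bad_json', 'File is not valid JSON.' );
    }

    // The import only needs the parsed data. The temporary upload is discarded by PHP
    // at the end of the request and is never copied anywhere the web server could serve
    // or execute it, so there is no stored file for an attacker to request later.
    return $data;
}
```

The caller builds the menus from the returned array; on any `WP_Error` the request is rejected before any file content is used.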
