First published: Mon Jun 03 2019
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST API remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
3cx Live Chat | <8.0.26 |
The vulnerability ID for the WP Live Chat Support Pro plugin is CVE-2019-11185.
The severity level of the CVE-2019-11185 vulnerability is critical with a score of 9.8.
The vulnerability in the WP Live Chat Support Pro plugin is an arbitrary file upload flaw resulting from an incomplete patch for CVE-2018-12426.
The affected software for the CVE-2019-11185 vulnerability is the WP Live Chat Support Pro plugin version up to and excluding 8.0.26 for WordPress.
Yes, it is recommended to update the WP Live Chat Support Pro plugin to a version that includes a complete fix for the vulnerability.
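
The bypass described above works against a check that blocklists extensions and trusts a content sniff. The following is an added example, not the plugin's code or its patch, of an upload check that closes both gaps; the helper name `check_upload`, the allowlist contents and the sample file names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy: allowed final extension => MIME type the bytes must sniff as.
const ALLOWED_TYPES = [
    'gif' => 'image/gif', 'png' => 'image/png',
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
];

// Hypothetical helper: returns [storedName, null] on success, [null, reason] on reject.
function check_upload(string $clientName, string $bytes): array
{
    // Only the final extension counts, and it must be on the allowlist.
    // A blocklist misses executable extensions it does not list (.phtml here).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return [null, "extension '$ext' not allowed"];
    }
    // Content sniffing is a second check, never the only one: magic bytes
    // are attacker-controlled, so a passing sniff proves nothing by itself.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return [null, "content is '$mime', expected " . ALLOWED_TYPES[$ext]];
    }
    // Never reuse the client's name: a server-generated name with the single
    // validated extension keeps inner components (x.phtml.gif) off disk.
    return [bin2hex(random_bytes(16)) . '.' . $ext, null];
}

// Constructed samples: GIF magic bytes followed by placeholder non-image data.
$polyglot = 'GIF89a' . '<?php /* placeholder */ ?>';
$samples = [
    ['avatar.gif.phtml', $polyglot],  // allowlisted extension, trailing .phtml
    ['avatar.phtml.gif', $polyglot],  // executable extension in an inner position
    ['avatar.png',       $polyglot],  // extension and sniffed type disagree
];
foreach ($samples as [$name, $bytes]) {
    [$stored, $reason] = check_upload($name, $bytes);
    printf("%-18s => %s\n", $name, $stored ?? "REJECTED ($reason)");
}
```

A file that passes both checks is still untrusted data, so the upload directory should also be configured so the web server never executes scripts from it.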