WordPress vulnerability allows some users to delete files

27th Jun 2018
A flaw has been disclosed by RIPS Technologies which allows logged-in users with Author privileges or higher to delete files from the server.

In WordPress, any user who logs into the site with an Author role or higher can upload media files and edit what's called metadata for that file (e.g. uploading an image and entering the description for that image). The vulnerability is triggered when a user stores, as the "thumbnail" entry in that metadata, a relative path to some other file on the server. That file is then deleted along with the image when the image is removed from the media library.

The consequence of this flaw is that a user could delete the configuration file for a site, which forces WordPress to run the installation process again. The user could then enter their own configuration settings and make themselves an admin, at which point they have full access to the site.
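The fix for a bug of this shape is to refuse to delete any path named in metadata unless it really resolves to a location inside the uploads directory. The following is an added illustration written for this article, not WordPress core code or the RIPS proof of concept; the function name `delete_file_within_directory` and the temporary files it creates are constructed for the demonstration.

```php
<?php
// Added example (not WordPress core): delete a file named in attachment
// metadata only if its resolved path lies inside the uploads directory.

/**
 * Delete $file only if it resolves to a location inside $directory.
 * Returns true if the file was deleted, false if it was refused or missing.
 */
function delete_file_within_directory(string $file, string $directory): bool
{
    $real_dir = realpath($directory);
    if ($real_dir === false) {
        return false;
    }
    // Trailing separator so "/srv/uploads-other" is not treated as inside "/srv/uploads".
    $real_dir = rtrim($real_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // realpath() resolves ".." segments and symlinks; false means the file does not exist.
    $real_file = realpath($file);
    if ($real_file === false) {
        return false;
    }
    if (strncmp($real_file, $real_dir, strlen($real_dir)) !== 0) {
        // The stored path escapes the uploads directory: refuse and leave an audit trail.
        error_log("Refused to delete {$real_file}: outside {$real_dir}");
        return false;
    }
    return unlink($real_file);
}

// Demonstration with constructed temporary files (hypothetical layout).
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'thumb-demo-' . uniqid();
$uploads = $base . DIRECTORY_SEPARATOR . 'uploads';
mkdir($uploads, 0700, true);

// A legitimate thumbnail inside uploads and a configuration file outside it.
file_put_contents($uploads . DIRECTORY_SEPARATOR . 'photo-150x150.jpg', 'jpeg-bytes');
file_put_contents($base . DIRECTORY_SEPARATOR . 'wp-config.php', '<?php // constructed config');

// Two "thumbnail" values of the kind the article describes: a normal file name and a
// relative path that points outside the uploads directory.
$thumb_values = ['photo-150x150.jpg', '../wp-config.php'];

foreach ($thumb_values as $thumb) {
    $candidate = $uploads . DIRECTORY_SEPARATOR . $thumb;
    $outcome   = delete_file_within_directory($candidate, $uploads) ? 'deleted' : 'refused';
    printf("%-20s -> %s\n", $thumb, $outcome);
}
printf("config file still present: %s\n",
    file_exists($base . DIRECTORY_SEPARATOR . 'wp-config.php') ? 'yes' : 'no');

// Clean up the temporary files created for the demonstration.
@unlink($uploads . DIRECTORY_SEPARATOR . 'photo-150x150.jpg');
@unlink($base . DIRECTORY_SEPARATOR . 'wp-config.php');
@rmdir($uploads);
@rmdir($base);
```

The important design choice is that the check happens on the path as the filesystem resolves it, not on the string stored in the database: a prefix comparison on the raw string would still let `..` segments or a symlink inside the uploads directory reach files elsewhere. Site operators who cannot update immediately can apply the same rule when auditing plugins that call `unlink()` on user-controlled metadata.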

Wordfence has issued an update to its premium users which will prevent the vulnerability from being exploited, while free users will have to wait around 30 days for the fix. It's important to remember that this can only be done by users with Author privileges or higher, so be cautious when handing out these higher-level accounts.
