Executive Summary

The WPMasterToolKit WordPress plugin up to version 2.13.0 allows users with Contributor-level access or higher to inject and execute arbitrary PHP code via the Code Snippets feature because it lacks proper capability checks. This leads to remote code execution, privilege escalation, and full site compromise.

Useful 0 Not Useful 0

Impact Analysis

An attacker with Contributor-level access can execute arbitrary PHP code on the server, which can result in remote code execution, privilege escalation, and complete compromise of the WordPress site.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately update the WPMasterToolKit plugin to a version later than 2.13.0 where the issue is fixed. Additionally, restrict user roles to prevent Contributor-level and Author-level users from accessing the Code Snippets feature until the update is applied. Review user permissions and monitor for any suspicious PHP code execution attempts.

Useful 0 Not Useful 0

Detection Guidance

To detect this vulnerability on your WordPress system, you should check if the WPMasterToolKit plugin is installed and if its version is 2.13.0 or earlier, as these versions are vulnerable. You can verify the plugin version via the WordPress admin dashboard or by checking the plugin files directly. Additionally, review user roles and permissions to see if non-administrator users (Contributor-level or above) have access to the Code Snippets feature, which should be restricted. Since the vulnerability involves unauthorized PHP code execution through the Code Snippets feature, you can look for suspicious or unexpected code snippets in the plugin's custom post type 'wpmtk_code_snippets'. Suggested commands (run on the server hosting WordPress): 1. Check plugin version: ```bash grep "Version:" wp-content/plugins/wpmastertoolkit/readme.txt ``` 2. List code snippet posts (requires WP-CLI): ```bash wp post list --post_type=wpmtk_code_snippets --fields=ID,post_title,post_author ``` 3. Review snippet content for suspicious PHP code (replace <ID> with snippet ID): ```bash wp post get <ID> --field=post_content ``` 4. Check user roles and capabilities (to identify if non-admin users can edit snippets): ```bash wp user list --role=contributor ``` Then verify if these users have access to the Code Snippets UI. Monitoring network traffic for unusual POST requests to the plugin's admin pages related to code snippet creation or editing could also help detect exploitation attempts, but specific network commands are not provided in the resources. [1, 4, 2]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows authenticated users with Contributor-level access and above to execute arbitrary PHP code on the server, leading to remote code execution, privilege escalation, and complete site compromise. Such a compromise can result in unauthorized access to sensitive data, potentially violating data protection regulations like GDPR and HIPAA. However, the provided resources do not explicitly discuss compliance impacts or regulatory considerations.

Useful 0 Not Useful 0