CVE-2026-39598
Status: Deferred - Pending Action
Unrestricted File Upload in Academy LMS Pro

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows uploading a web shell to a web server. This issue affects Academy LMS Pro: from n/a before 3.5.2.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
2 associated CPEs
Vendor | Product | Version / Range
kodezen | academy_lms_pro | From 3.5.2 (exc)
kodezen | academy_lms_pro | From 3.5.2 (inc)
CWE ID | Description
CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Quick Actions
Compliance Impact

The vulnerability allows attackers to upload malicious files, including backdoors, which can grant unauthorized access to a website. This unauthorized access can lead to data breaches or unauthorized data manipulation, potentially compromising sensitive personal or health information.

Such breaches or unauthorized access could result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and health data against unauthorized access and breaches.

Immediate remediation, such as updating the plugin to version 3.5.2 or later, is recommended to mitigate the risk and help maintain compliance with these regulations.

Executive Summary

This vulnerability exists in the WordPress Academy LMS Pro Plugin versions before 3.5.2. It is an Arbitrary File Upload issue that allows attackers to upload malicious files, such as web shells or backdoors, to the web server hosting the plugin.

By exploiting this flaw, an attacker with custom role or developer privileges can bypass restrictions and upload dangerous file types, which can then be used to gain unauthorized access or control over the affected website.

The vulnerability is classified as medium-priority with a CVSS score of 8.0 and falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

If exploited, this vulnerability can allow attackers to upload malicious files such as web shells or backdoors to your web server.

This can lead to unauthorized access, allowing attackers to execute arbitrary code, manipulate website content, steal sensitive data, or take full control of the affected website.

The issue is expected to be targeted in mass-exploit campaigns, meaning many websites could be attacked regardless of their size or popularity.

Immediate action, such as updating the plugin to version 3.5.2 or later, is recommended to mitigate these risks.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability by updating the WordPress Academy LMS Pro Plugin to version 3.5.2 or later.

If updating the plugin is not possible, users should seek assistance from their hosting provider or web developer.

Patchstack has provided a mitigation rule to block attacks until the plugin is updated.

Detection Guidance

This vulnerability allows attackers to upload malicious files, including web shells, to a web server via the Academy LMS Pro plugin before version 3.5.2.

To detect exploitation attempts or the presence of this vulnerability on your system, look for suspicious file uploads or web shell files in your web server directories.

Since the vulnerability involves arbitrary file upload, monitoring HTTP POST requests to the plugin's upload endpoints for unusual file types or filenames can help detect attacks.

Suggested commands to help detect suspicious files or activity include:

  • Use the find command to locate recently modified files with suspicious extensions (e.g., .php, .phtml, .php5) in the web root or plugin directories:
    find /path/to/webroot -type f \( -iname "*.php" -o -iname "*.phtml" -o -iname "*.php5" \) -mtime -7
  • Check web server access logs for POST requests to the plugin upload endpoints that might indicate file upload attempts:
    grep -i POST /var/log/apache2/access.log | grep 'academy-lms-pro'
  • Use tools like grep to search for common web shell signatures or suspicious code patterns in uploaded files.

Note that Patchstack has provided a mitigation rule to block attacks until the plugin is updated, so applying such rules or firewall filters can also help detect or prevent exploitation.
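As an added example (not Patchstack's or the plugin vendor's code), the log check above carried one step further in Python: it correlates a POST to a path containing academy-lms-pro with a later successful GET, by the same client, of a PHP-executable file under the uploads directory, which is the sequence a web shell upload leaves behind. The upload endpoint path, the /wp-content/uploads/ prefix and the log lines are constructed assumptions.

```python
import re
from collections import namedtuple

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions a PHP-enabled server may execute (.php/.phtml/.php5 as in the find command above).
EXEC_EXT = re.compile(r'\.(php\d?|phtml)(\?|$)', re.IGNORECASE)
# Path fragment identifying the plugin's endpoints (as in the grep suggestion above).
PLUGIN_MARK = 'academy-lms-pro'
# Assumption: uploaded files are served from the standard WordPress uploads directory.
UPLOAD_DIR = '/wp-content/uploads/'

Hit = namedtuple('Hit', 'ip upload_ts file_path fetch_ts')

def parse(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_upload_then_exec(lines):
    """Flag clients that POST to a plugin endpoint and afterwards fetch an
    executable file under the uploads directory that the server serves (200)."""
    posted = {}  # client ip -> timestamp of its most recent plugin POST
    hits = []
    for line in lines:
        e = parse(line)
        if e is None:
            continue
        if e['method'] == 'POST' and PLUGIN_MARK in e['path']:
            posted[e['ip']] = e['ts']
        elif (e['method'] == 'GET' and e['path'].startswith(UPLOAD_DIR)
              and EXEC_EXT.search(e['path']) and e['status'] == '200'
              and e['ip'] in posted):
            hits.append(Hit(e['ip'], posted[e['ip']], e['path'].split('?')[0], e['ts']))
    return hits

# Constructed sample traffic (not real logs); the endpoint path is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jun/2026:10:01:02 +0000] "POST /wp-content/plugins/academy-lms-pro/PLACEHOLDER_upload HTTP/1.1" 200 311',
    '203.0.113.7 - - [17/Jun/2026:10:01:09 +0000] "GET /wp-content/uploads/2026/06/x.phtml HTTP/1.1" 200 58',
    '198.51.100.4 - - [17/Jun/2026:10:02:00 +0000] "GET /wp-content/uploads/2026/06/notes.php HTTP/1.1" 200 196',
    '203.0.113.7 - - [17/Jun/2026:10:03:00 +0000] "GET /wp-content/uploads/2026/06/missing.php HTTP/1.1" 404 196',
]

if __name__ == '__main__':
    for hit in find_upload_then_exec(SAMPLE_LOG):
        print(f'{hit.ip}: POST at {hit.upload_ts}, then fetched {hit.file_path} at {hit.fetch_ts}')
```

The third sample line is deliberately not flagged: a successful GET of a .php file under uploads is only suspicious here when the same client previously posted to the plugin, which keeps ordinary traffic out of the alert.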
