What is Remote Unauthenticated Shortcode Execution?

WordPress installations with unsecured shortcodes (such as [php], which allows raw PHP code to be run) are vulnerable to serious attacks if WooThemes themes [with WooFramework 5.3.12 or older] are installed, even if they are not the selected theme for the site.

More extreme and malicious uses are left up to the reader; it would be trivial to identify common insecure shortcodes and then attempt them against common WooThemes to attempt to run malicious code on the remote server.

Where is the Mistake?

The cause of this is the following code in functions/js/shortcode-generator/preview-shortcode-external.php:

$shortcode = isset($_REQUEST['shortcode']) ? $_REQUEST['shortcode'] : '';

// WordPress automatically adds slashes to quotes
// http://stackoverflow.com/questions/3812128/although-magic-quotes-are-turned-off-still-escaped-strings
$shortcode = strip_tags( stripslashes($shortcode) );

echo do_shortcode($shortcode);

This is a serious vulnerability, which has not been fixed in the Bigrock Official Blog.


This vulnerability is fixed in version 5.3.12 of the WooFramework.
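
Because inactive themes are affected too, an audit has to cover every directory under wp-content/themes, not just the selected theme. The script below is an added example, not code from WooThemes or from the original article: it looks for the preview file named above in each installed theme and flags copies where request input reaches do_shortcode() with no access check. The regex heuristics, the guarded variant and the sample theme names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Path is from the article; the regexes are assumed heuristics (a guard match means "review by hand").
PREVIEW_FILE = "functions/js/shortcode-generator/preview-shortcode-external.php"
TAINTED = re.compile(r"\$_(REQUEST|GET|POST)\s*\[\s*['\"]shortcode['\"]\s*\]")
SINK = re.compile(r"\bdo_shortcode\s*\(")
GUARDS = re.compile(
    r"\b(is_user_logged_in|current_user_can|wp_verify_nonce|check_ajax_referer)\s*\("
)


def audit_themes(themes_dir):
    """Classify every installed theme, active or not, by its preview file."""
    results = {}
    for theme in sorted(p for p in Path(themes_dir).iterdir() if p.is_dir()):
        preview = theme / PREVIEW_FILE
        if not preview.is_file():
            results[theme.name] = "absent"
            continue
        src = preview.read_text(errors="replace")
        exposed = TAINTED.search(src) and SINK.search(src) and not GUARDS.search(src)
        results[theme.name] = "exposed" if exposed else "review"
    return results


def demo():
    """Audit a constructed themes directory (sample data, not a real site)."""
    vulnerable = (
        "<?php\n"
        "$shortcode = isset($_REQUEST['shortcode']) ? $_REQUEST['shortcode'] : '';\n"
        "$shortcode = strip_tags( stripslashes($shortcode) );\n"
        "echo do_shortcode($shortcode);\n"
    )
    # Hypothetical guarded variant, not the actual WooFramework fix.
    guarded = vulnerable.replace("<?php\n", "<?php\nif ( ! current_user_can('edit_posts') ) { exit; }\n")
    samples = {"woo-inactive": vulnerable, "woo-guarded": guarded, "other-theme": None}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            target = Path(tmp) / name / PREVIEW_FILE
            target.parent.mkdir(parents=True)
            if body is not None:
                target.write_text(body)
        return audit_themes(tmp)


if __name__ == "__main__":
    print(demo())
```

On a real site, call audit_themes() with the path to wp-content/themes; any theme reported as "exposed" should be updated or removed even if it is not the active theme.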
