This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Path Traversal in `wp_crop_image()`. Attackers use `../` in filenames to write images to arbitrary directories. π **Consequences**: Remote Code Execution (RCE) via malicious PHP shell upload.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: CWE-22 (Path Traversal). The function fails to sanitize filenames containing `../` sequences and double extensions, allowing directory escape.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: WordPress versions **5.0.0 through 5.0.3**. Specifically the `wp_crop_image()` function used in image processing.
Q4What can hackers do? (Privileges/Data)
π» **Attacker Actions**: Write arbitrary files to the server. By uploading a PHP file disguised as an image, attackers achieve **Remote Code Execution (RCE)** and full server control.
Q5Is exploitation threshold high? (Auth/Config)
π **Threshold**: **Medium**. Requires **Authentication**. The attacker must have privileges to crop an image (e.g., Editor or Administrator role).
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp**: **YES**. Multiple PoCs exist on GitHub and Exploit-DB. Metasploit modules are also available for automated exploitation.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for WordPress versions < 5.0.4. Check if `wp_crop_image` is accessible. Use Nuclei templates or specific Python scripts to test for path traversal via image upload.
π§ **No Patch?**: Restrict image upload/crop permissions to trusted admins only. Implement WAF rules to block `../` sequences in image filenames. Disable image cropping if not needed.
Q10Is it urgent? (Priority Suggestion)
β‘ **Urgency**: **HIGH**. RCE is critical. Since public exploits exist, active exploitation is likely. Patch immediately if running affected versions.