This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Arbitrary PHP file upload via `admin-ajax.php`. <br>π₯ **Consequences**: Unauthenticated Remote Code Execution (RCE). Attackers gain full control over the server.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: Insecure file upload handling. <br>π **Flaw**: Allows `.php` file uploads without proper validation.β¦
π¦ **Affected**: WordPress Showbiz Pro Plugin. <br>π **Version**: **1.7.1 and earlier**. <br>π **Platform**: WordPress sites running this specific plugin.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: **Unauthenticated** access. <br>πΎ **Data**: Full server compromise. <br>β‘ **Action**: Execute arbitrary PHP code. <br>π **Impact**: Complete system takeover.
π₯ **Public Exp?**: **YES**. <br>π **Sources**: <br>- Exploit-DB #35385 <br>- GitHub PoC (nuclei-templates) <br>- Metasploit module (wpsploit). <br>π **Wild Exploitation**: High risk due to available tools.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Scan for `admin-ajax.php` upload vectors. <br>2. Check plugin version (`Showbiz Pro <= 1.7.1`). <br>3. Use Nuclei templates for detection. <br>4.β¦
π οΈ **Fix**: Update **Showbiz Pro** to version **> 1.7.1**. <br>π **Published**: Oct 2019. <br>β **Status**: Patch available for affected versions.
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: <br>1. **Disable** the plugin immediately. <br>2. **Block** `admin-ajax.php` upload permissions via WAF. <br>3. Restrict `.php` file uploads in `wp-config.php` or server config. <br>4.β¦