This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A critical code flaw in the WordPress plugin **Simple-File-List**. **Consequences**: Attackers can rename uploaded PHP files from `.png` to `.php`, leading to **Remote Code Execution (RCE)**.…
**Root Cause**: **CWE-434** (Arbitrary Upload). **Flaw**: The `rename` function is misused. It allows changing the extension of uploaded files, bypassing security checks.…
**Affected**: Users of the **Simple File List** plugin. **Version**: **4.2.2** and earlier. **Vendor**: eemitch. If you use this plugin, you are at risk.
Q4 What can hackers do? (Privileges/Data)
**Hackers Can**: Execute arbitrary PHP code on the server. **Privileges**: Full control over the web server. **Data**: Access, modify, or delete any data. The entire WordPress site can be taken over.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth**: No authentication required (PR:N). **UI**: No user interaction needed (UI:N). **Network**: Remote access (AV:N). Extremely easy to exploit.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. **PoC Available**: Multiple Proof-of-Concept scripts exist on GitHub (e.g., `137f/PoC-CVE-2020-36847`). Ready-to-use exploits are circulating. High risk of automated attacks.
**Fixed?**: **YES**. **Patch**: Update the plugin to the latest version. **Reference**: WordPress Trac changeset `2286920`. Immediate update is the primary fix.
Q9 What if no patch? (Workaround)
**No Patch?**: Disable the plugin immediately. **Remove**: Uninstall if not needed. **WAF**: Use a Web Application Firewall to block PHP uploads. **Restrict**: Block `.php` execution in upload directories.
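
A defender-side check to go with the workaround above, as an added example that is not part of the original page or the plugin's code: it walks an upload directory and flags files that carry a PHP-handled extension or contain PHP opening tags under a non-PHP name (the `.png`-to-`.php` pattern described in Q1). The extension list, function names and sample files are assumptions constructed for illustration; point `audit_upload_dir` at the plugin's actual upload folder on your site.

```python
import os
import tempfile

# Extensions commonly mapped to the PHP handler (assumed list; match it to your server config).
PHP_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}
PHP_MARKERS = (b"<?php", b"<?=")

def audit_upload_dir(root, head_bytes=4096):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Check every dot-separated part so "x.php.png" and "x.PHP" are both seen.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            has_php = any(m in head.lower() for m in PHP_MARKERS)
            if parts & PHP_EXTS:
                findings.append((rel, "php-extension"))
            elif has_php:
                findings.append((rel, "php-content-in-non-php-file"))
    return sorted(findings)

def demo():
    """Build a constructed upload tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # benign image header
            "staged.png": b"<?php echo 'x'; ?>",               # PHP stored under an image name
            "renamed.php": b"<?php echo 'x'; ?>",              # same file after an extension rename
            "notes.txt": b"meeting notes",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:30} {rel}")
```

Any finding in a directory that should hold only user documents or images warrants review of the file and of the web server's access logs for requests to it.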