Folders Pro <= 3.0.2 - Authenticated(Author+) 通过 handle_folders_file_upload 实现任意文件上传

该漏洞允许经过身份验证的攻击者，拥有作者权限或更高权限，绕过文件类型验证，从而上传任意文件到服务器。攻击者可以利用此漏洞上传恶意脚本（例如PHP文件），并在服务器上执行代码，从而完全控制受影响的WordPress网站。这可能导致数据泄露、网站篡改、恶意软件传播，甚至整个服务器的控制权被夺取。攻击者还可以利用此漏洞上传webshell，长期控制网站。

WordPress websites utilizing the Folders Pro plugin, particularly those with users having author or higher roles, are at risk. Shared hosting environments where multiple WordPress installations share the same server resources are especially vulnerable, as a compromise of one site could potentially impact others. Legacy WordPress installations running outdated versions of Folders Pro are also at increased risk.

• wordpress / composer / npm:

grep -r "handle_folders_file_upload" /var/www/html/wp-content/plugins/folders-pro/

• wordpress / composer / npm:

wp plugin list --status=all | grep 'Folders Pro'

• wordpress / composer / npm:

wp plugin update folders-pro --all

• generic web: Check WordPress plugin directory for Folders Pro updates and security advisories.

1. 2024-06-14Disclosure

   disclosure

1. 已保留2024-02-29
2. 发布日期2024-06-14
3. 修改日期2024-08-01
4. EPSS 更新日期2026-04-02

最有效的缓解措施是立即升级到修复后的Folders Pro版本。如果无法立即升级，可以考虑以下临时缓解措施：限制文件上传目录的权限，确保Web服务器无法执行上传目录中的文件。实施严格的文件类型验证，即使在插件层面，也应进行额外的验证。使用Web应用防火墙（WAF）来检测和阻止恶意文件上传尝试。定期扫描网站，查找可疑文件或恶意代码。