WordPress Large File Upload Error XSS

By
Sooraj V Nair
Published on
26 Jun 2018
Vulnerability

Uploaded files present a huge risk in the server. The uploaded files can be malicious and can cause damage to the server with the sensitive data breach. It could also give complete access to the attacker. When an attacker wants to attack a web application. He will try different methods to upload his malicious file. After a successful upload, he will find different ways to execute the file. A successful execution will give what the attacker wants.

Many servers are vulnerable to cross-site scripting vulnerability during upload of very large files. This vulnerability is faced due to the error message, it is not properly restricted. In WordPress versions before 4.7.5, cross-site scripting (XSS) vulnerability existed while attempting to upload huge files. This vulnerability existed because the error message did not correctly restrict the presentation of the filename.

Impact and Fixes

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.