TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-1499

CRITICAL
9.8

Beschreibung

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the `process_add_site()` AJAX action combined with path traversal in the file upload functionality. This makes it possible for authenticated (subscriber-level) attackers to set the internal `prod_key_random_id` option, which can then be used by an unauthenticated attacker to bypass authentication checks and write arbitrary files to the server via the `handle_upload_single_big_file()` function, ultimately leading to remote code execution.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/6/2026
Zuletzt geandert2/6/2026
Quellenvd
Honeypot-Sichtungen0

Schwachen (CWE)

CWE-862

Referenzen

https://cwe.mitre.org/data/definitions/862.html(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/admin/class-local-sync-admin.php#L422(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/admin/class-local-sync-files-op.php#L843(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/includes/class-local-sync-handle-server-requests.php#L389(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/local-sync/trunk/admin/class-local-sync-admin.php#L422(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/local-sync/trunk/admin/class-local-sync-files-op.php#L843(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/local-sync/trunk/includes/class-local-sync-handle-server-requests.php#L389(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3452904%40local-sync&old=3400317%40local-sync&sfp_email=&sfph_mail=(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/11bb7190-023b-45e1-99a5-7313c489ef45?source=cve(security@wordfence.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.