CVE-2012-10020
FoxyPress · FoxyPress plugin for WordPress
A critical vulnerability has been identified in the FoxyPress plugin for WordPress.
Executive summary
A critical vulnerability has been identified in the FoxyPress plugin for WordPress. This flaw allows an unauthenticated attacker to upload malicious files to the server, which can lead to a complete compromise of the website. Successful exploitation could result in data theft, website defacement, or the server being used for further malicious activities, posing a severe risk to the organization.
Vulnerability
The vulnerability exists within the uploadify.php file of the FoxyPress plugin. This script fails to properly validate the type of files being uploaded. An unauthenticated remote attacker can craft a request to this endpoint to upload a file with a malicious extension, such as a PHP web shell. Once the malicious file is on the server, the attacker can navigate to it via their browser to execute arbitrary code with the permissions of the web server process, leading to Remote Code Execution (RCE).
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a devastating business impact, including the theft of sensitive data such as customer information, transaction records, and user credentials. An attacker could also deface the website, causing significant reputational damage, or use the compromised server as a platform to launch further attacks, host phishing sites, or distribute malware. The potential for complete system compromise presents a direct threat to business continuity, data integrity, and customer trust.
Remediation
Immediate Action: Update the FoxyPress plugin for WordPress to the latest available version that patches this vulnerability (any version after 0.4.2.1). If the plugin is no longer maintained or required, it should be deactivated and completely removed from the WordPress installation. After patching or removal, review server logs for any signs of prior exploitation.
Proactive Monitoring:
- Monitor web server access logs for unusual POST requests to the /wp-content/plugins/foxypress/uploadify.php file.
- Implement file integrity monitoring (FIM) to detect the creation of unexpected files (e.g., .php, .phtml) in web-accessible directories, especially upload folders.
- Scrutinize outbound network traffic from the web server for suspicious connections, which could indicate a successful compromise and communication with a command-and-control server.
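The first two monitoring items above can be checked against an access log directly. The following is an added example, not part of this advisory, that scans combined-format (Apache/nginx) access log lines for POST requests to uploadify.php and for requests that serve script files from the WordPress uploads directory, and notes when the same client did both. It assumes the default /wp-content/uploads/ path; the log lines are constructed sample data.

```python
import re

# Apache/nginx "combined" log format: client, timestamps, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

UPLOADIFY_PATH = "/wp-content/plugins/foxypress/uploadify.php"
UPLOAD_DIR = "/wp-content/uploads/"          # assumed default WordPress uploads directory
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")  # should never be served from uploads


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string when matching
    return rec


def scan_access_log(lines):
    """Flag uploadify.php POSTs and script requests under the uploads directory."""
    findings = []
    posters = set()  # client IPs seen POSTing to uploadify.php earlier in the log
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        base = {"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"], "status": rec["status"]}
        if rec["method"] == "POST" and path.endswith(UPLOADIFY_PATH):
            posters.add(rec["ip"])
            findings.append(dict(base, kind="uploadify_post"))
        elif UPLOAD_DIR in path and path.endswith(SCRIPT_EXTS):
            # A script fetched from uploads is suspicious; same IP as a prior POST is worse.
            findings.append(dict(base, kind="script_in_uploads",
                                 same_ip_posted_uploadify=rec["ip"] in posters))
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2024:12:00:03 +0000] "POST /wp-content/plugins/foxypress/uploadify.php HTTP/1.1" 200 87 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Apr/2024:12:00:04 +0000] "GET /wp-content/uploads/2024/04/image.php?x=1 HTTP/1.1" 200 44 "-" "python-requests/2.31"',
    '198.51.100.7 - - [10/Apr/2024:12:01:10 +0000] "GET /wp-content/uploads/2024/04/logo.png HTTP/1.1" 200 9012 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```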
Compensating Controls:
- If immediate patching is not possible, disable the FoxyPress plugin until it can be updated or replaced.
- Implement a Web Application Firewall (WAF) with rules designed to block malicious file uploads based on file extension and content type.
- Use server-level configuration (e.g., .htaccess or nginx.conf) to block direct external access to the uploadify.php file.
Exploitation status
Public Exploit Available: True
Analyst recommendation
Due to the critical severity (CVSS 9.8) and the high likelihood of exploitation, this vulnerability requires immediate attention. The primary and most effective course of action is to update the FoxyPress plugin to the latest version or, if it is no longer in use, remove it entirely. The risk of complete server compromise is high, and organizations should prioritize this remediation to protect their web assets, sensitive data, and reputation.