A critical vulnerability has been identified in the Meow Apps Media File Renamer plugin, assigned a CVSS score of 9.1. This flaw permits an attacker to upload malicious files to a vulnerable server, which can be executed to gain full control over the affected website. Successful exploitation could lead to data theft, website defacement, and further compromise of the underlying infrastructure.

The vulnerability is an "Unrestricted Upload of File with Dangerous Type." The application fails to properly validate the types of files being uploaded via the Media File Renamer functionality. An attacker can bypass file type restrictions and upload a file containing executable code, such as a PHP web shell. Once the malicious file is on the server, the attacker can access it via a direct URL to trigger its execution, leading to remote code execution (RCE) with the privileges of the web server's user account.

This vulnerability is rated as critical severity with a CVSS score of 9.1. Exploitation can have a severe impact on the business, leading to a complete compromise of the web server. Potential consequences include the exfiltration of sensitive data (such as customer information or intellectual property), service disruption, website defacement causing reputational damage, and the use of the compromised server to launch further attacks against internal network resources. The risk of unauthorized access, data breach, and significant financial loss is high.

Immediate Action: Update the Meow Apps Media File Renamer plugin to the latest available version (later than 5.7.7) which addresses this vulnerability. After applying the update, thoroughly review web server access logs and the file system's upload directories for any signs of suspicious files (e.g., .php, .phtml) or access attempts that may indicate a prior compromise.

Proactive Monitoring: Monitor web server logs for POST requests to file upload endpoints associated with the plugin, paying close attention to the filenames and MIME types. Implement file integrity monitoring (FIM) on web-accessible directories to alert on the creation of new, unexpected files. Monitor for unusual outbound network connections from the web server, which could indicate a reverse shell or data exfiltration channel.

Compensating Controls: If patching is not immediately possible, consider the following controls:

• Disable the Media File Renamer plugin until it can be patched.
• Implement a Web Application Firewall (WAF) with rules to inspect and block the upload of files with executable extensions.
• Harden web server configurations to prevent script execution within media upload directories.

Public Exploit Available: false

Given the critical severity (CVSS 9.1) of this vulnerability, which allows for remote code execution, immediate action is required. Organizations must update the Meow Apps Media File Renamer plugin to the latest patched version without delay. Although this vulnerability is not currently listed on the CISA KEV catalog, the potential for a full system compromise presents a significant risk to business operations, data confidentiality, and integrity. After patching, a thorough review for indicators of compromise is strongly recommended.