CVE-2025-10049
WordPress · WordPress Multiple Products
A high-severity vulnerability has been identified in the Responsive Filterable Portfolio plugin for WordPress.
Executive summary
The flaw lets an unauthenticated attacker upload arbitrary files, including PHP web shells, to an affected server. Because WordPress stores uploads under a web-accessible path, a successful upload gives the attacker code execution as the web server user, from which the site can be fully compromised, its data stolen, and the server used to stage further attacks. Immediate patching is required to mitigate the risk of exploitation.
Vulnerability
The Responsive Filterable Portfolio plugin is vulnerable to arbitrary file upload because the upload handled through the HdnMediaSelection_image field is not validated server-side for file type. An unauthenticated remote attacker can craft an upload request whose file carries an executable extension (for example .php) while presenting itself as an image, typically by declaring an image Content-Type for the multipart part, which the server accepts at face value. Since WordPress writes uploads into a web-accessible directory, the attacker then requests the stored file by URL and the server executes it as PHP in the context of the web server user, leading to remote code execution (RCE). The practical check on the server side is therefore not the client-declared type but a server-owned allowlist of extensions combined with inspection of the file content.
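The following is an added example, not code from the Responsive Filterable Portfolio plugin or from WordPress core: a Python model of the server-side decision the advisory says is missing, with the weak pattern (trusting the client-declared Content-Type) beside a hardened one (server-side extension allowlist plus magic-byte and content inspection). The sample uploads, the PHP stubs inside them and the allowlist are constructed for illustration. It also goes one step past the advisory: a file named shell.php.png passes a last-extension allowlist on name alone, which is why the execution-deny configuration for the uploads directory in the Remediation section stays necessary even after validation is fixed.

```python
"""Upload validation: the weak check beside a hardened one (added example)."""
from dataclasses import dataclass

# Server-side allowlist: extensions we will store and the magic bytes each
# must begin with. Anything not listed here is rejected.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extensions a PHP-enabled web server will typically execute. Used only to
# give a sharper rejection reason; the allowlist above makes the decision.
SCRIPT_EXTENSIONS = {"php", "php5", "php7", "php8", "phtml", "phar", "phps"}


@dataclass
class Upload:
    filename: str      # filename from the multipart Content-Disposition
    content_type: str  # Content-Type the client declared for the part
    data: bytes        # file body


def weak_check(upload: Upload) -> bool:
    """The pattern that makes 'disguised as an image' work: the only thing
    consulted is the client-declared Content-Type, which the attacker sets."""
    return upload.content_type.startswith("image/")


def hardened_check(upload: Upload) -> tuple[bool, str]:
    """Decide from the server's own allowlist and the file content.
    Returns (accepted, reason)."""
    name = upload.filename.lower()
    if any(ch in name for ch in ("/", "\\", "\x00")):
        return False, "path separator or NUL in filename"
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext not in IMAGE_SIGNATURES:
        kind = "executable extension" if ext in SCRIPT_EXTENSIONS else "extension not allowlisted"
        return False, f"{kind}: .{ext}"
    if not upload.data.startswith(IMAGE_SIGNATURES[ext]):
        return False, f"content does not match a .{ext} image"
    # A real image never contains a PHP open tag; a polyglot (valid image
    # header followed by PHP) does, and it runs if the server maps the name to PHP.
    if b"<?php" in upload.data or b"<?=" in upload.data:
        return False, "embedded PHP open tag"
    return True, "ok"


PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed header, not a valid image

# Constructed samples: one legitimate image and three disguise techniques.
SAMPLES = [
    Upload("photo.png", "image/png", PNG_STUB),
    Upload("shell.php", "image/png", b"<?php echo 'shell'; ?>"),           # disguised via Content-Type only
    Upload("shell.phtml", "image/jpeg", b"\xff\xd8\xff<?php echo 1; ?>"),   # JPEG magic bytes prepended
    Upload("shell.php.png", "image/png", PNG_STUB + b"<?php echo 1; ?>"),  # polyglot with allowlisted extension
]


def evaluate(samples=SAMPLES):
    """Map filename -> (weak_accepts, hardened_accepts, hardened_reason)."""
    return {u.filename: (weak_check(u), *hardened_check(u)) for u in samples}


if __name__ == "__main__":
    for name, (weak, hard, why) in evaluate().items():
        print(f"{name:14} weak={weak!s:5} hardened={hard!s:5} {why}")
```

Run it and every disguised sample is accepted by `weak_check` and rejected by `hardened_check` with a reason; note that the polyglot is caught by content inspection, not by its name, so a server that maps any `.php.` segment to the PHP handler still needs the uploads directory locked down.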
Business impact
This vulnerability is rated High severity with a CVSS base score of 7.2. One triage check is worth doing before acting on that number: under CVSS v3.1, a network-reachable, low-complexity flaw with high confidentiality, integrity and availability impact scores 9.8 when no privileges are required, 8.8 when low privileges are required and 7.2 when high privileges are required, so a 7.2 score for an unauthenticated arbitrary upload is unusual; confirm the authentication prerequisite against the original advisory when scoring your own exposure, and treat the flaw as critical if no privileges are needed. Successful exploitation could have a significant negative impact on the business. An attacker could achieve full system compromise, leading to website defacement, theft of sensitive data (including customer information, payment details and intellectual property), or the injection of malware to infect site visitors. The compromised server could also be leveraged for further attacks, such as hosting phishing sites or participating in botnets, resulting in severe reputational damage, financial loss and potential regulatory penalties.
Remediation
Immediate Action:
- Immediately update the "Responsive Filterable Portfolio" plugin to the release that addresses this vulnerability; check the plugin's changelog or the vendor advisory for the fixed version rather than assuming the latest install is patched.
- If a patch is not yet available, or the plugin is not essential for business operations, deactivate and delete it immediately (a deactivated plugin's files remain on disk and reachable unless removed).
- Review the WordPress file system layout: only wp-content/uploads should be writable by the web server user, plugin and theme directories should be read-only to it, and unused upload paths and services should be disabled.
Proactive Monitoring:
- Review web server access logs. The uploaded filename does not appear in a standard access log, so hunt instead for the two observable steps: POST requests to the plugin's endpoints, followed by GET requests for files with script extensions (.php, .phtml, .phar, .php5 and similar) under wp-content/uploads, especially ones returning HTTP 200 to the same client address.
- Implement File Integrity Monitoring (FIM) on the WordPress uploads directory to alert on any new or modified file with an executable extension, and on image-named files whose content contains a PHP open tag (a polyglot upload).
- Monitor for unusual outbound network traffic from the web server and for the web server user spawning shells or interpreters, either of which can indicate a successful compromise and communication with a command-and-control server.
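An added example of the two hunting steps above, not part of the original advisory: a Python script that parses Apache/Nginx "combined" access-log lines, records POSTs to candidate upload endpoints per client address, flags later GETs for script files under wp-content/uploads from the same address, and then runs a FIM-style sweep over an in-memory snapshot of the uploads tree. The log lines, IP addresses, file names and the uploads snapshot are constructed for illustration; the advisory does not give the plugin's real request path or AJAX action, so the endpoint pattern below (admin-ajax.php or a path containing the assumed plugin slug `responsive-filterable-portfolio`) is an assumption to adjust to your install.

```python
"""Hunt access logs and the uploads tree for exploitation of an arbitrary-upload bug (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Script extensions at the end of the path or right before a query string.
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|phar|phps)(\?|$)", re.I)
# Assumed upload endpoints: WordPress AJAX entry point or the plugin's own path
# (slug is an assumption; the advisory does not name the endpoint).
UPLOAD_ENDPOINT_RE = re.compile(r"admin-ajax\.php|responsive-filterable-portfolio", re.I)
UPLOADS_PREFIX = "/wp-content/uploads/"


def parse_time(stamp: str) -> float:
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()


def hunt(log_text: str, window_seconds: int = 3600) -> list[dict]:
    """Return one finding per GET for a script file under the uploads tree,
    noting whether the same client POSTed to an upload endpoint within the window."""
    posts = defaultdict(list)  # client ip -> timestamps of candidate upload POSTs
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m["ip"], m["method"], m["path"], int(m["status"])
        ts = parse_time(m["time"])
        if method == "POST" and UPLOAD_ENDPOINT_RE.search(path):
            posts[ip].append(ts)
        elif method == "GET" and path.startswith(UPLOADS_PREFIX) and SCRIPT_EXT_RE.search(path):
            prior = [t for t in posts[ip] if 0 <= ts - t <= window_seconds]
            findings.append({
                "ip": ip,
                "path": path.split("?", 1)[0],
                "status": status,
                "served": status == 200,               # a 200 means the shell exists and ran
                "preceded_by_upload_post": bool(prior),
            })
    return findings


def scan_uploads(files: dict[str, bytes]) -> list[tuple[str, str]]:
    """FIM-style sweep over {relative_path: content}: flag script extensions and
    non-script files that carry a PHP open tag (polyglot uploads)."""
    flagged = []
    for path, data in files.items():
        if SCRIPT_EXT_RE.search(path):
            flagged.append((path, "script extension in uploads"))
        elif b"<?php" in data or b"<?=" in data:
            flagged.append((path, "PHP open tag inside non-script file"))
    return flagged


# Constructed sample log: one attacker (203.0.113.10), one editor, one probe that 404s.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Sep/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 63 "-" "python-requests/2.32"
203.0.113.10 - - [15/Sep/2025:10:01:05 +0000] "GET /wp-content/uploads/2025/09/shell.php?cmd=id HTTP/1.1" 200 512 "-" "python-requests/2.32"
198.51.100.7 - - [15/Sep/2025:10:02:11 +0000] "GET /wp-content/uploads/2025/09/team.jpg HTTP/1.1" 200 88231 "https://example.com/" "Mozilla/5.0"
198.51.100.7 - - [15/Sep/2025:10:03:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 41 "https://example.com/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [15/Sep/2025:10:05:00 +0000] "GET /wp-content/uploads/2025/09/shell.php?cmd=whoami HTTP/1.1" 200 480 "-" "python-requests/2.32"
192.0.2.9 - - [15/Sep/2025:10:06:00 +0000] "GET /wp-content/uploads/2025/09/x.phtml HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# Constructed snapshot of wp-content/uploads: a real image, a shell, a polyglot.
SAMPLE_UPLOADS = {
    "2025/09/team.jpg": b"\xff\xd8\xff" + b"\x00" * 8,
    "2025/09/shell.php": b"<?php echo 'shell'; ?>",
    "2025/09/logo.png": b"\x89PNG\r\n\x1a\n" + b"<?php echo 'polyglot'; ?>",
}

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f)
    for path, why in scan_uploads(SAMPLE_UPLOADS):
        print(f"{path}: {why}")
```

Against the sample data the script reports two served requests for shell.php from the address that POSTed to the upload endpoint minutes earlier, one probe that returned 404 (worth noting but not a compromise), and two files in the uploads snapshot: the shell by extension and the PNG-named polyglot by content. Feed it a real log with `hunt(open(path).read())` and a real tree with `{rel: open(p, "rb").read() ...}`.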
Compensating Controls:
- If patching is not immediately possible, deploy a Web Application Firewall (WAF) with rules that block multipart uploads whose filename carries an executable extension. Match on the filename in the Content-Disposition header and on file content, not on the client-declared Content-Type, since that is exactly the field the disguise relies on.
- Configure the web server to refuse to serve or execute scripts from the WordPress uploads directory (for example with an .htaccess file under Apache or a location block under Nginx).
- Restrict file system permissions on the uploads directory to prevent the web server process from executing files stored there.
Exploitation status
Public Exploit Available: true
Analyst recommendation
Given the High severity (CVSS 7.2), the public availability of exploit code, and the impact of a successful attack (remote code execution), we strongly recommend that organizations treat this vulnerability with the highest priority. All instances of the "Responsive Filterable Portfolio" plugin must be updated immediately. Following the update, security teams should actively hunt for indicators of compromise, in particular script files under wp-content/uploads, access-log requests for such files, unexpected administrator accounts, and modified core, plugin or theme files, to confirm their systems have not already been breached. Although this CVE is not currently on the CISA KEV list, an unauthenticated upload-to-RCE flaw in a WordPress plugin with public exploit code is a prime target for widespread exploitation, demanding urgent and decisive remediation.