A critical vulnerability has been identified in the Podlove Podcast Publisher plugin for WordPress, rated with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to upload arbitrary files, including malicious scripts, to the web server. Successful exploitation could lead to complete system compromise, enabling the attacker to steal data, disrupt services, or use the server for further malicious activities.

The vulnerability exists within the move_as_original_file function of the plugin. This function fails to properly validate the file type of user-supplied uploads. An attacker can exploit this flaw by crafting a request to upload a malicious file, such as a PHP web shell, disguised as a legitimate file type. Because the server-side validation is missing, the malicious file is saved to a web-accessible directory, allowing the attacker to execute it by simply navigating to the file's URL, resulting in remote code execution on the server.

This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit could result in a full compromise of the web server hosting the WordPress site. The potential business impact is severe, including the theft of sensitive data (customer information, credentials, proprietary data), website defacement, service disruption, and reputational damage. The compromised server could also be used to host malware, launch attacks against other systems, or serve as a pivot point into the broader corporate network, posing a significant risk to the entire organization.

Immediate Action: Immediately update the Podlove Podcast Publisher plugin for WordPress to the latest patched version. After patching, it is crucial to monitor for any signs of prior exploitation by reviewing web server access logs and file systems for suspicious files or activity.

Proactive Monitoring:

• Monitor web server and application logs for unusual POST requests, particularly those targeting the vulnerable function or involving file uploads with suspicious extensions (e.g., .php, .phtml, .phar).
• Implement file integrity monitoring on the web server to detect the creation of new, unexpected files in web-accessible directories.
• Monitor for unusual outbound network traffic from the web server, which could indicate a successful compromise and communication with a command-and-control server.

Compensating Controls:

• If immediate patching is not possible, implement a Web Application Firewall (WAF) with rules to inspect and block malicious file uploads based on file signatures and extensions.
• Configure the web server to prevent script execution in the directory where files are uploaded (e.g., the /wp-content/uploads/ directory).
• Restrict access to the WordPress administrative interface to trusted IP addresses only.

Public Exploit Available: false

Given the critical severity of this vulnerability and its potential for complete system compromise, immediate action is required. Organizations must prioritize applying the vendor-supplied patch to all affected WordPress instances without delay. Due to the high likelihood of future exploitation, this vulnerability should be treated with the highest urgency, similar to a vulnerability listed on the CISA KEV catalog. After patching, a thorough review for indicators of compromise is strongly recommended to ensure the system was not breached before the patch was applied.