CVE-2025-12968
Infility · Infility Global plugin for WordPress
A high-severity vulnerability has been identified in the Infility Global plugin for WordPress.
Executive summary
A high-severity vulnerability has been identified in the Infility Global plugin for WordPress. This flaw allows any unauthorized user to upload malicious files to a website, which could result in a complete system compromise, leading to data theft, website defacement, or further attacks launched from the compromised server.
Vulnerability
The vulnerability exists due to two critical security oversights in the plugin's file upload functionality. First, it lacks proper capability checks, meaning it does not verify if the user attempting the upload has the necessary permissions to do so, effectively allowing unauthenticated attackers to access the feature. Second, it fails to validate the type of file being uploaded, permitting an attacker to upload executable scripts (e.g., a PHP web shell) disguised as a benign file. Once uploaded, an attacker can navigate to the malicious file's location and execute it, gaining remote control over the web server.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could lead to a complete compromise of the affected website and underlying server. The potential business impacts include theft of sensitive data such as customer information and credentials, significant reputational damage from website defacement, financial loss from service disruption, and the risk of the compromised server being used to host malware or launch attacks against other targets, creating further legal and financial liabilities.
Remediation
Immediate Action: All administrators of WordPress sites should immediately identify if the "Infility Global" plugin is installed. If the plugin is present and its version is 2 or below, it must be updated to the latest patched version immediately. If the plugin is not essential for business operations, the recommended course of action is to deactivate and completely remove it to eliminate the attack surface.
Proactive Monitoring: Security teams should monitor web server logs for suspicious POST requests to file upload endpoints, particularly those that do not originate from legitimate administrative sessions. File Integrity Monitoring (FIM) should be used to alert on the creation of unexpected files in web-accessible directories, especially files with extensions like .php, .phtml, or .phar. Monitor for unusual outbound network connections from the web server, which could indicate a successful web shell compromise.
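As an added example (not code from the advisory or the plugin vendor), the following Python checker implements the two monitoring signals described above: a FIM-style sweep of the media upload directory for the listed script extensions, and an access-log scan for POSTs to upload endpoints that lack an administrative Referer and for requests that fetch a script under /wp-content/uploads/. The "upload endpoint" pattern is an assumed heuristic to be tuned per site, and the sample log lines and the plugin path in them are constructed placeholders, not the real plugin's endpoint.

```python
import os
import re
from pathlib import Path

# Extensions the advisory names as web-shell candidates inside the media upload directory.
SCRIPT_EXTS = {".php", ".phtml", ".phar"}
UPLOADS_PREFIX = "/wp-content/uploads/"
# Assumed heuristic for "upload endpoints": direct POSTs to plugin files or admin-ajax.php.
# Legitimate admin uploads arrive with a Referer under /wp-admin/. Tune this to the real site.
UPLOAD_ENDPOINT_RE = re.compile(r"^/(wp-content/plugins/|wp-admin/admin-ajax\.php)")
# Apache/Nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def has_script_ext(path: str) -> bool:
    """True if the request path's final extension is executable; the query string is ignored."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    return Path(name).suffix.lower() in SCRIPT_EXTS


def find_script_files(uploads_dir: str) -> list[str]:
    """FIM-style sweep: relative paths of executable-extension files under the upload directory.
    Checks the final extension only; Apache AddHandler setups that also run x.php.jpg need a wider match."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        hits += [os.path.relpath(os.path.join(root, f), uploads_dir)
                 for f in files if Path(f).suffix.lower() in SCRIPT_EXTS]
    return sorted(hits)


def scan_access_log(lines) -> list[tuple[str, str, str]]:
    """Return (signal, client_ip, path) for each line matching one of the advisory's two log signals."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ip, method, path, ref = m["ip"], m["method"], m["path"], m["referer"]
        if method == "POST" and UPLOAD_ENDPOINT_RE.match(path) and "/wp-admin/" not in ref:
            findings.append(("post_to_upload_endpoint_without_admin_referer", ip, path))
        if path.startswith(UPLOADS_PREFIX) and has_script_ext(path):
            findings.append(("script_requested_in_uploads_dir", ip, path))
    return findings


# Constructed sample lines (not real traffic); the plugin path is a placeholder, not the real endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 51 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2025:10:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51 "https://example.com/wp-admin/upload.php" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /wp-content/uploads/2025/01/cache.php?v=1 HTTP/1.1" 200 77 "-" "curl/8.0"',
]
```

Run `find_script_files` against the site's real upload directory on a schedule and `scan_access_log` over the rotated access log; the second sample line is deliberately benign to show the Referer check suppressing a legitimate admin upload.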
Compensating Controls: If immediate patching is not feasible, consider the following controls:
- Implement a Web Application Firewall (WAF) with rules to block the upload of executable file types.
- Temporarily disable the plugin until a patch can be applied.
- Harden the web server configuration to prevent the execution of scripts in the media upload directory (e.g., using an .htaccess file or Nginx location block).
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.8 and the critical risk of a full server compromise, this vulnerability requires immediate attention. We strongly recommend that all system owners prioritize the remediation plan. All WordPress instances must be audited to identify the presence of the vulnerable "Infility Global" plugin. Due to the severe potential impact, this vulnerability should be treated as a critical priority for patching, even though it is not currently listed on the CISA KEV catalog.