A high-severity vulnerability has been identified in the Supreme Modules Lite plugin for WordPress, which could allow an unauthenticated attacker to upload arbitrary files to an affected website. Successful exploitation could lead to a complete compromise of the web server, enabling the attacker to execute malicious code, steal sensitive data, or deface the website. Organizations using this plugin are at significant risk of a security breach and should take immediate action to mitigate this threat.

The vulnerability is an arbitrary file upload weakness within the Supreme Modules Lite plugin. The plugin fails to adequately validate the types of files being uploaded to the server. An unauthenticated attacker can exploit this flaw by crafting a request to upload a malicious file, such as a PHP web shell, disguised as a legitimate file type. Once the malicious file is on the server, the attacker can access it via a direct URL to execute code in the context of the web server, granting them remote control over the affected website.

This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation can have severe consequences for the business, including a complete compromise of the web server. This could lead to the theft of sensitive data such as customer information, payment details, and intellectual property. Further risks include website defacement, reputational damage, loss of customer trust, and the potential for the compromised server to be used in wider attacks against other systems, leading to potential legal and financial liabilities.

Immediate Action:

• Immediately update the Supreme Modules Lite plugin to the latest version available from the vendor (a version greater than 2.0).
• If the plugin is not essential for business operations, consider deactivating and removing it entirely to eliminate the attack surface.
• Review WordPress security settings, particularly file permissions on upload directories, to ensure they are hardened against unauthorized execution.

Proactive Monitoring:

• Monitor web server access logs for suspicious POST requests to file upload endpoints associated with the plugin. Look for attempts to upload files with extensions like .php, .phtml, or .php5.
• Implement a File Integrity Monitoring (FIM) solution to detect unauthorized file creation or modification within the WordPress installation directories.
• Analyze outbound network traffic from the web server for unusual connections, which could indicate a successful compromise and communication with a command-and-control server.

Compensating Controls:

• If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to inspect file uploads and block malicious file types and content.
• Disable the file upload functionality within the affected plugin if this can be done without critically impacting site operations.
• Modify web server configuration (e.g., in .htaccess or nginx.conf) to prevent the execution of scripts (like PHP) within the primary upload directory.

Public Exploit Available: true

Given the high CVSS score of 8.8 and the critical impact of a successful exploit, immediate remediation is strongly recommended. All organizations using the Supreme Modules Lite plugin should prioritize updating to a patched version without delay. Additionally, it is advised to perform a security audit of the web server to search for any indicators of compromise, such as suspicious files in upload directories, in case the vulnerability has already been exploited. The lack of a CISA KEV status should not diminish the urgency of addressing this critical vulnerability.