CVE-2025-60219
HaruTheme · HaruTheme WooCommerce Designer Pro
Executive summary
A critical vulnerability has been identified in the HaruTheme WooCommerce Designer Pro plugin, which could allow an unauthenticated attacker to take complete control of the affected web server. The flaw permits the upload of malicious files, such as a web shell, giving an attacker the ability to execute arbitrary code, steal sensitive data, and disrupt services. Due to the ease of exploitation and the maximum potential impact, this vulnerability is rated with the highest possible severity.
Vulnerability
The vulnerability is an Unrestricted Upload of File with Dangerous Type. The application fails to properly validate the types of files being uploaded through its interface. An unauthenticated attacker can exploit this by crafting a request to upload a file with a dangerous extension (e.g., .php, .phtml) containing malicious code. Once the file, known as a web shell, is on the server, the attacker can access it via a direct URL to execute arbitrary commands with the permissions of the web server process, leading to a full system compromise.
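The weakness class above is fixed by refusing to trust the client-supplied filename and type. The following allowlist validator is an example added to this advisory; it is not code from the HaruTheme WooCommerce Designer Pro plugin (a PHP/WordPress plugin) and says nothing about how that plugin validates uploads. The allowed extensions, magic-byte table and function names are assumptions chosen for illustration.

```python
"""Allowlist-based upload validation for an image upload feature.

Example code added to this advisory, not the plugin's code.  It shows the
three checks whose absence defines 'Unrestricted Upload of File with
Dangerous Type': extension allowlist, content sniffing, and a
server-chosen filename.
"""
import os
import secrets

# Constructed allowlist for a designer-style upload: raster images only.
# SVG is deliberately excluded because it can carry script.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}

# Leading bytes for each allowed type; the extension alone is never trusted.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_upload(filename: str, content: bytes) -> str:
    """Return a safe, server-chosen filename or raise UploadRejected.

    (1) exactly one extension, and it is on the allowlist, so both
        'shell.php' and 'shell.php.png' are refused;
    (2) the first bytes match the claimed type, so PHP source renamed to
        '.png' is refused;
    (3) the client's name is never reused for storage.
    """
    base = os.path.basename(filename)
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        raise UploadRejected(f"unexpected filename shape: {base!r}")
    ext = parts[1]
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: .{ext}")
    if not content.startswith(MAGIC[ext]):
        raise UploadRejected(f"content does not look like {ext}")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, content: bytes) -> bool:
    """Boolean wrapper around validate_upload for quick checks."""
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False
```

Even with this validation in place, the stored file should land in a directory the web server is configured not to execute, so that a bypass of any single check does not become code execution.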
Business impact
This vulnerability is rated as critical severity with a CVSS score of 10.0, representing the highest possible risk. Successful exploitation would grant an attacker complete control over the web server. The potential consequences include theft of sensitive data such as customer personal information and payment details, intellectual property loss, website defacement, and the use of the compromised server to launch further attacks against other systems. This can lead to severe financial loss, regulatory fines, and significant reputational damage.
Remediation
Immediate Action: Update the HaruTheme WooCommerce Designer Pro plugin to the latest version provided by the vendor without delay to patch this vulnerability. After patching, review server access logs and the file system for any signs of compromise or suspicious files that may have been uploaded before the update.
Proactive Monitoring: Monitor web server logs for unusual POST requests to file upload endpoints, especially those containing files with executable extensions (e.g., .php, .aspx, .jsp). Implement file integrity monitoring on web directories to detect the creation of unauthorized files. Watch for unexpected outbound network traffic from the web server, which could indicate a web shell communicating with a command-and-control server.
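The log review described above can be scripted. The following hunt is an example added to this advisory, not part of the original page or the plugin: it reads combined-format access log lines and reports any request for a script file under the uploads tree, noting whether the same client earlier sent a POST to an upload endpoint. The upload endpoint paths in UPLOAD_ENDPOINTS and the sample log lines are constructed placeholders; the advisory does not name the plugin's real endpoint, so substitute it and your own logs.

```python
"""Hunt access logs for the upload-then-execute pattern.

Example code added to this advisory (not the plugin's code).  Finding
order follows log order, so a POST seen before a script request from the
same IP is recorded as prior_upload_post=True.
"""
import re

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

SCRIPT_EXT = (".php", ".phtml", ".phar", ".php5", ".aspx", ".jsp")
UPLOADS_PREFIX = "/wp-content/uploads/"
# Hypothetical upload endpoints; replace with the plugin's actual handler.
UPLOAD_ENDPOINTS = ("/wp-admin/admin-ajax.php", "/wp-json/")

# Constructed sample log lines for a stand-alone run.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /shop/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2025:12:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=upload HTTP/1.1" 200 45 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2025:12:00:09 +0000] "GET /wp-content/uploads/2025/10/design.php HTTP/1.1" 200 310 "-" "python-requests/2.31"
198.51.100.4 - - [10/Oct/2025:12:01:00 +0000] "GET /wp-content/uploads/2025/10/hero.png HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2025:12:02:00 +0000] "GET /wp-content/uploads/2025/10/x.phtml HTTP/1.1" 403 199 "-" "curl/8.4"
"""


def parse(line):
    """Return a dict for a combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["path"] = ev["path"].split("?", 1)[0]  # drop the query string
    return ev


def is_upload_post(ev):
    return ev["method"] == "POST" and ev["path"].startswith(UPLOAD_ENDPOINTS)


def is_script_in_uploads(ev):
    p = ev["path"].lower()
    return p.startswith(UPLOADS_PREFIX) and p.endswith(SCRIPT_EXT)


def hunt(lines):
    """Return one finding per request for a script under the uploads tree.

    status == 200 means the server actually served (executed) the file;
    a 403/404 shows an attempt that a no-execute rule or a missing file
    stopped, which is still worth knowing about.
    """
    posted = set()
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if is_upload_post(ev):
            posted.add(ev["ip"])
        if is_script_in_uploads(ev):
            findings.append({
                "ip": ev["ip"],
                "path": ev["path"],
                "status": ev["status"],
                "prior_upload_post": ev["ip"] in posted,
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f)
```

A finding with a 200 status and prior_upload_post set is the strongest signal and should trigger the incident response steps in the analyst recommendation; the script itself only reads logs and changes nothing.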
Compensating Controls: If patching cannot be performed immediately, consider the following controls:
- Implement a Web Application Firewall (WAF) with rules to inspect file uploads and block malicious file types and exploit attempts.
- If the upload functionality in the plugin is not business-critical, disable it entirely.
- Harden the web server by configuring upload directories with no-execute permissions to prevent uploaded scripts from running.
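The file integrity monitoring recommended under Proactive Monitoring complements the no-execute hardening in the last bullet: the permissions stop an uploaded script from running, and the integrity check tells you that one arrived. The following baseline-and-diff checker is an example added to this advisory, not the plugin's code; the directory layout and sample files built in demo() are constructed for a stand-alone run, and in production the baseline would be stored outside the web root.

```python
"""Baseline-and-diff integrity check for a web upload directory.

Example code added to this advisory (not the plugin's code).  snapshot()
hashes every file under a root; diff() reports added, removed and changed
files and flags any added or changed file with a script extension.
"""
import hashlib
import os
import tempfile

SCRIPT_EXT = (".php", ".phtml", ".phar", ".php5", ".aspx", ".jsp")


def snapshot(root):
    """Map relative path -> sha256 hex digest for every regular file under root."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[os.path.relpath(full, root)] = h.hexdigest()
    return result


def diff(baseline, current):
    """Compare two snapshots; 'suspicious' lists new or modified script files."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    suspicious = [p for p in added + changed if p.lower().endswith(SCRIPT_EXT)]
    return {"added": added, "removed": removed,
            "changed": changed, "suspicious": suspicious}


def demo():
    """Build a constructed uploads tree, take a baseline, then simulate the
    traces an exploited upload leaves behind and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        up = os.path.join(root, "wp-content", "uploads", "2025", "10")
        os.makedirs(up)
        with open(os.path.join(up, "hero.png"), "wb") as f:
            f.write(b"\x89PNG\r\n\x1a\n" + bytes(32))
        baseline = snapshot(root)

        # Simulated post-exploitation state: a new script file appears and
        # an existing asset is modified.  The content is a placeholder.
        with open(os.path.join(up, "design.php"), "wb") as f:
            f.write(b"<?php /* constructed placeholder, not a real payload */ ?>")
        with open(os.path.join(up, "hero.png"), "ab") as f:
            f.write(b"\x00")
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

Run the snapshot from cron or a systemd timer, keep the baseline and the script outside the document root, and treat a non-empty suspicious list as an incident indicator rather than a warning to clean up quietly.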
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical severity of this vulnerability, immediate action is required. Organizations using the affected HaruTheme WooCommerce Designer Pro plugin must prioritize applying the security update without delay. Due to the high likelihood of exploitation, it is strongly recommended to assume the system is compromised if it was exposed to the internet before patching and to initiate incident response procedures to hunt for evidence of a web shell or other malicious activity.