WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
Description
An unrestricted file upload vulnerability in JS Help Desk plugin allows authenticated attackers to upload malicious files, leading to remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The JS Help Desk – Best Help Desk & Support Plugin for WordPress (versions n/a through 2.7.7) contains an Unrestricted Upload of File with Dangerous Type vulnerability [1]. This flaw resides in the file upload functionality, where the plugin does not properly validate the file type or contents, allowing authenticated users to upload arbitrary files including PHP scripts.
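The core of the flaw described above is an upload handler that trusts the client-supplied filename and never checks the file's type or contents. The following is an added illustration, not code from the JS Help Desk plugin or its vendor: a hypothetical WordPress AJAX attachment handler written twice, once in the weak pattern the advisory describes and once hardened with the checks a defender would expect (capability and nonce verification, an explicit allow-list of MIME types, extension/content agreement enforced by `wp_check_filetype_and_ext()`, and a server-chosen filename). The function names, the `example_ticket_attach` action and nonce, the `attachment` field name and the `tickets/` subdirectory are all assumptions.

```php
<?php
/**
 * Added example (not JS Help Desk code): a hypothetical help-desk attachment
 * handler, weak pattern versus hardened pattern. Names prefixed
 * example_ticket_attach_* are assumptions for illustration.
 */
require_once ABSPATH . 'wp-admin/includes/file.php';

// WEAK (shown only for contrast): copies the upload as-is under the web root,
// keeping the client's filename. Nothing stops a .php file from landing there.
function example_ticket_attach_weak() {
    $upload_dir = wp_upload_dir();
    $dest       = $upload_dir['basedir'] . '/tickets/' . $_FILES['attachment']['name'];
    move_uploaded_file( $_FILES['attachment']['tmp_name'], $dest );
    wp_send_json_success( array( 'path' => $dest ) );
}

// HARDENED: every check the weak version skips.
function example_ticket_attach_hardened() {
    // 1. Authentication alone is not enough: require a capability and a nonce.
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_ticket_attach', 'nonce' );

    if ( empty( $_FILES['attachment'] ) || UPLOAD_ERR_OK !== $_FILES['attachment']['error'] ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 2. Allow-list only what a ticket attachment legitimately needs.
    //    Script types are simply absent, so they are rejected by omission.
    $allowed_mimes = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
        'txt'      => 'text/plain',
    );

    // 3. Check that the declared extension agrees with the actual content
    //    (magic bytes for images, finfo for the rest) against the allow-list.
    $check = wp_check_filetype_and_ext(
        $_FILES['attachment']['tmp_name'],
        $_FILES['attachment']['name'],
        $allowed_mimes
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // 4. Let WordPress perform the move with the same allow-list enforced
    //    again (test_type defaults to true) and replace the client's filename
    //    with a random one so nothing attacker-chosen reaches the filesystem.
    $overrides = array(
        'test_form'                => false,
        'mimes'                    => $allowed_mimes,
        'unique_filename_callback' => function ( $dir, $name, $ext ) {
            // $ext arrives with its leading dot, e.g. ".png"
            return wp_generate_password( 20, false ) . $ext;
        },
    );
    $result = wp_handle_upload( $_FILES['attachment'], $overrides );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 415 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_example_ticket_attach', 'example_ticket_attach_hardened' );
```

Two design points worth noting. The allow-list is passed to both `wp_check_filetype_and_ext()` and `wp_handle_upload()`, so a file whose extension and content disagree (or whose type is not listed) is rejected before it is moved, and the random filename removes the client's influence over the stored path entirely. Independently of any plugin fix, denying PHP execution inside the uploads directory at the web-server level is a standard defence-in-depth measure that limits the impact of this bug class, and a periodic check for executable file types under `wp-content/uploads` is a cheap detection for it.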
Exploitation
An attacker needs to have a subscriber-level or higher account on the WordPress site where the vulnerable plugin is installed [1]. The attacker can craft a malicious PHP file (e.g., a web shell) and upload it through the plugin's file upload feature. No additional privileges or user interaction beyond the initial authentication are required.
Impact
Successful exploitation allows the attacker to achieve remote code execution (RCE) on the server. The uploaded malicious file can be accessed and executed, leading to full site compromise, data theft, privilege escalation, or further lateral movement [1].
Mitigation
All versions up to and including 2.7.7 are affected. The vendor fixed the issue in version 2.7.8; users are strongly advised to update to that or a later version immediately [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: n/a
Patches
No patches discovered yet.
References