VYPR
Unrated severity · NVD Advisory · Published May 15, 2025 · Updated May 20, 2025

ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection

CVE-2024-6486

Description

Authenticated administrators can inject OS commands via the cli_path parameter in ImageMagick Engine before 1.7.11, leading to RCE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The ImageMagick Engine WordPress plugin versions before 1.7.11 are vulnerable to OS command injection through the cli_path parameter. The plugin fails to properly sanitize user-supplied input used in command execution, allowing arbitrary command injection. The vulnerability exists in the administrative interface and requires the attacker to have administrator-level permissions on the WordPress site [1].

Exploitation

An authenticated attacker with administrative access can exploit this vulnerability by manipulating the cli_path parameter in a request processed by the plugin. The attacker does not need any additional privileges beyond administrator-level access. The exact steps involve sending a crafted request where the cli_path parameter contains malicious OS command payloads, which are then executed by the plugin [1].

Impact

Successful exploitation allows the attacker to execute arbitrary operating system commands on the server, leading to remote code execution (RCE). This can result in full compromise of the WordPress site, including data theft, site defacement, or further pivoting within the hosting environment. The impact is critical as it provides administrator-equivalent or greater control over the server [1].

Mitigation

The vulnerability is fixed in version 1.7.11 of the ImageMagick Engine plugin. Users should update to this version immediately. There is no known workaround provided in the advisory. The plugin repository and advisory confirm the fixed version [1].
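The advisory describes the defect only at the level of "user-supplied input used in command execution" and does not show the plugin's code or its fix. The following PHP is an added illustration, not code from ImageMagick Engine: it places the weak pattern the advisory describes (a stored CLI path concatenated into a shell command) beside a hardened handler that validates the path against an allowlist, resolves it with realpath(), and passes it through escapeshellarg(). The option name ime_cli_path, the settings group, the allowlisted directories and binary names, and the example inputs are all assumptions made for the example.

```php
<?php
// Added illustration; not the ImageMagick Engine plugin's own code.
// Option name, settings group and allowlists below are assumptions.

// Weak pattern: the stored option is spliced into a shell string, so any
// shell metacharacters in it are interpreted by /bin/sh when it runs.
function weak_probe_cli(string $cli_path): ?string
{
    return shell_exec($cli_path . ' -version 2>&1');
}

// Hardened pattern, step 1: validate before the value is ever stored.
// Returns the canonical path on success, false on rejection.
function validate_cli_path(string $cli_path)
{
    // Absolute path made only of a conservative character set; rejects
    // whitespace, quotes, ';', '|', '&', '$', backticks and newlines outright.
    if (!preg_match('#^/[A-Za-z0-9_./-]+$#', $cli_path)) {
        return false;
    }
    // Resolve symlinks and '..', and require an existing executable file.
    $real = realpath($cli_path);
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return false;
    }
    // Only the binaries the feature needs, only from expected directories
    // (assumed allowlists; adjust to the deployment).
    $allowed_dirs  = ['/usr/bin', '/usr/local/bin', '/opt/imagemagick/bin'];
    $allowed_names = ['convert', 'magick'];
    if (!in_array(dirname($real), $allowed_dirs, true)
        || !in_array(basename($real), $allowed_names, true)) {
        return false;
    }
    return $real;
}

// Hardened pattern, step 2: never hand the value to the shell unquoted.
function safe_probe_cli(string $cli_path): ?string
{
    $real = validate_cli_path($cli_path);
    if ($real === false) {
        return null;
    }
    // escapeshellarg() single-quotes the argument, so even a value that
    // somehow passed validation cannot leave its argument position.
    return shell_exec(escapeshellarg($real) . ' -version 2>&1');
}

// WordPress wiring (assumed hook and option names): sanitize on save so a
// rejected value never reaches the options table, and require the
// manage_options capability in addition to the settings nonce WordPress checks.
if (function_exists('add_action')) {
    add_action('admin_init', function () {
        register_setting('imagemagick_engine_settings', 'ime_cli_path', [
            'type'              => 'string',
            'sanitize_callback' => function ($value) {
                $current = get_option('ime_cli_path', '');
                if (!current_user_can('manage_options')) {
                    return $current;
                }
                $real = validate_cli_path((string) $value);
                if ($real === false) {
                    add_settings_error('ime_cli_path', 'invalid_cli_path',
                        'Rejected CLI path: must be an absolute path to an allowlisted ImageMagick binary.');
                    return $current;
                }
                return $real;
            },
        ]);
    });
}

// Stand-alone demonstration on constructed inputs (runs under plain `php`).
// The metacharacter case is rejected by the regex regardless of filesystem;
// the plain path is accepted only if such a binary exists on this host.
if (PHP_SAPI === 'cli' && !function_exists('add_action')) {
    foreach (['/usr/bin/convert', '/usr/bin/convert; echo injected', '../convert'] as $candidate) {
        $result = validate_cli_path($candidate);
        printf("%-36s => %s\n", $candidate, $result === false ? 'rejected' : 'accepted: ' . $result);
    }
}
```

The design point is that quoting alone is not the fix: escapeshellarg() stops the shell from parsing the value, but a path is still a path, so the allowlist and realpath() checks are what keep an administrator (or a compromised administrator session) from pointing the plugin at an arbitrary executable.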

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0

No linked articles in our index yet.