[wp-trac] [WordPress Trac] #62869: Malicious PDF Execution via Media Library
WordPress Trac
noreply at wordpress.org
Mon Jan 27 10:26:33 UTC 2025
#62869: Malicious PDF Execution via Media Library
--------------------------+-----------------------------
Reporter: deepench | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.7.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
We have encountered a security issue where a maliciously crafted PDF file
uploaded to the WordPress Media Library poses a potential risk. While the
Media Library should securely store and display uploaded PDFs, certain
malicious PDF files can exploit vulnerabilities to execute harmful code or
compromise the system.
Steps to Reproduce:
Create or obtain a PDF file embedded with malicious scripts or payloads
(e.g., JavaScript, shell commands).
Upload the malicious PDF file to the WordPress Media Library.
Attempt to open or interact with the uploaded file on the front end or via
direct access.
Observe any execution of embedded malicious code or unexpected behavior.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62869>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list