Opened 10 months ago
Closed 10 months ago
#62869 closed defect (bug) (invalid)
Malicious PDF Execution via Media Library
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 6.7.1 |
| Component: | Security | Keywords: | |
| Focuses: | Cc: |
Description
We have encountered a security issue where a maliciously crafted PDF file uploaded to the WordPress Media Library poses a potential risk. While the Media Library should securely store and display uploaded PDFs, certain malicious PDF files can exploit vulnerabilities to execute harmful code or compromise the system.
Steps to Reproduce:
Create or obtain a PDF file embedded with malicious scripts or payloads (e.g., JavaScript, shell commands).
Upload the malicious PDF file to the WordPress Media Library.
Attempt to open or interact with the uploaded file on the front end or via direct access.
Observe any execution of embedded malicious code or unexpected behavior.
Attachments (1)
Change History (2)
Note: See
TracTickets for help on using
tickets.
@deepench Please be more careful with your reports in the future. When you opened this ticket you specifically had to check a checkbox that says "I am not reporting a security issue". More info here.
In your screenshot I can see you're viewing the PDF file directly in your browser. PDF files containing JavaScript run in a sandbox mode in browsers, so they don't have access to cookies or the DOM. If you view the PDF in the WordPress media manager then you'll only see a screenshot, not the rendered PDF.