CVE-2016-1000112

9.1 CRITICAL

📋 TL;DR

The Contus Video Comments WordPress plugin version 1.0 contains an unauthenticated remote file upload vulnerability that allows attackers to upload arbitrary files, including malicious PHP scripts disguised as JPG images. This affects any WordPress site running the vulnerable plugin version. Attackers can exploit this without authentication to gain control of affected websites.

💻 Affected Systems

Products:
  • Contus Video Comments WordPress Plugin
Versions: Version 1.0 only
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress sites with this specific plugin installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, defacement, malware distribution, or use as part of a botnet.

🟠

Likely Case

Website defacement, backdoor installation, credential theft, and lateral movement within the hosting environment.

🟢

If Mitigated

Limited impact if file uploads are restricted at the web server level or if the plugin is disabled.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication.
🏢 Internal Only: LOW - Primarily affects internet-facing WordPress installations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request with crafted file upload bypasses authentication and file type validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

1. Immediately remove the Contus Video Comments plugin from all WordPress installations.
2. Delete all plugin files from the wp-content/plugins directory.
3. Search for and remove any suspicious files uploaded via this vulnerability.

🔧 Temporary Workarounds

Disable Plugin (platform: all)

Deactivate and delete the vulnerable plugin from the WordPress admin panel.

Navigate to WordPress Admin > Plugins > Installed Plugins > Deactivate and Delete Contus Video Comments

Restrict File Uploads (platform: linux)

Configure the web server to block file uploads to the vulnerable endpoint.

For Apache: add 'Deny from all' to a .htaccess file in the plugin directory (on Apache 2.4 without mod_access_compat, the equivalent directive is 'Require all denied')
For Nginx: add 'location ~* /wp-content/plugins/contus-video-comments/ { deny all; }' to the server config

Both rules deny access to the whole plugin directory, not only upload.php, so any front-end assets the plugin serves from that path stop loading as well.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests to the vulnerable upload endpoint.
  • Enable file integrity monitoring on wp-content/uploads directory to detect unauthorized file uploads.

🔍 How to Verify

Check if Vulnerable:

Check if /wp-content/plugins/contus-video-comments/ directory exists on WordPress installation.

Check Version:

Check the WordPress database: SELECT * FROM wp_options WHERE option_name = 'active_plugins'; (the value is a serialized PHP array; look for contus-video-comments in it, and substitute your site's table prefix if it is not the default wp_)

Verify Fix Applied:

Confirm plugin directory is removed and no longer appears in WordPress admin plugins list.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /wp-content/plugins/contus-video-comments/upload.php with .jpg files
  • File uploads to unusual directories with .php extensions

Network Indicators:

  • Unusual outbound connections from web server following file uploads
  • Spike in traffic to upload.php endpoint

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/contus-video-comments/upload.php" OR (file_extension="php" AND upload_success="true"))
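The log indicators above, applied to web server access logs as an added example (not code from the original advisory). It assumes Apache/nginx combined log format; the sample lines and the IP addresses in them are constructed, and the uploaded file name is hypothetical.

```python
import re
from typing import Dict, List

# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2016:12:00:01 +0000] "POST /wp-content/plugins/contus-video-comments/upload.php HTTP/1.1" 200 512 "-" "python-requests/2.10"
203.0.113.5 - - [10/Aug/2016:12:00:03 +0000] "GET /wp-content/uploads/2016/08/dropped.php?a=1 HTTP/1.1" 200 128 "-" "python-requests/2.10"
198.51.100.7 - - [10/Aug/2016:12:01:00 +0000] "GET /wp-content/uploads/2016/08/avatar.jpg HTTP/1.1" 200 4096 "https://example.org/" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2016:12:01:05 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

UPLOAD_ENDPOINT = "/wp-content/plugins/contus-video-comments/upload.php"

# ip, two ident/user fields, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_indicators(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line matching a CVE-2016-1000112 indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        rule = None
        if m.group("method") == "POST" and path == UPLOAD_ENDPOINT:
            rule = "upload_endpoint_post"        # unauthenticated upload attempt
        elif path.startswith("/wp-content/uploads/") and path.lower().endswith(".php"):
            rule = "php_under_uploads"           # script executed from the uploads tree
        if rule:
            findings.append({"rule": rule, "ip": m.group("ip"), "path": path,
                             "status": m.group("status"), "ts": m.group("ts")})
    return findings


def correlate_by_ip(findings: List[Dict[str, str]]) -> List[str]:
    """IPs that both hit the upload endpoint and then requested PHP under uploads."""
    rules_by_ip: Dict[str, set] = {}
    for f in findings:
        rules_by_ip.setdefault(f["ip"], set()).add(f["rule"])
    return sorted(ip for ip, rules in rules_by_ip.items()
                  if {"upload_endpoint_post", "php_under_uploads"} <= rules)
```

Running find_indicators over your own access logs is the file-based equivalent of the SIEM query; correlate_by_ip narrows the result to sources that completed the upload-then-execute sequence.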
