CVE-2017-1002002

9.8 CRITICAL

📋 TL;DR

CVE-2017-1002002 is a critical vulnerability in the WordPress WebApp Builder plugin v2.0 that allows unauthenticated remote file upload and execution due to improper input validation. This affects any WordPress site running the vulnerable plugin version, potentially allowing attackers to take complete control of affected websites.

💻 Affected Systems

Products:
  • WordPress WebApp Builder plugin
Versions: Version 2.0
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The plugin includes vulnerable third-party CMS software from Invedion. All installations of version 2.0 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, defacement, malware distribution, and use as a pivot point for attacking internal networks.

🟠 Likely Case

Website defacement, backdoor installation, credential theft, and SEO spam injection.

🟢 If Mitigated

Limited impact with proper web application firewalls, file upload restrictions, and intrusion detection systems in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 41540) and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://wordpress.org/plugins-wp/webapp-builder/

Restart Required: No

Instructions:

1. Immediately remove the WebApp Builder plugin v2.0 from all WordPress installations.
2. Delete all plugin files from the server.
3. Scan for any backdoors or malicious files that may have been uploaded.
4. Consider using alternative web application builder plugins.

🔧 Temporary Workarounds

Disable plugin via WordPress admin

all

Deactivate the WebApp Builder plugin through WordPress admin panel

Navigate to WordPress Admin > Plugins > Installed Plugins > Find 'WebApp Builder' > Click 'Deactivate'

Remove plugin files manually

linux

Delete plugin files from server filesystem

rm -rf /path/to/wordpress/wp-content/plugins/webapp-builder/

🧯 If You Can't Patch

  • Implement strict web application firewall rules to block file upload attempts to vulnerable endpoints
  • Enable file integrity monitoring on WordPress upload directories and alert on unauthorized file changes

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel for installed plugins. If WebApp Builder version 2.0 is present, the system is vulnerable.

Check Version:

wp plugin list --name=webapp-builder --field=version

Verify Fix Applied:

Confirm the plugin is no longer listed in WordPress admin > Plugins and verify the plugin directory does not exist on the filesystem.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-content/plugins/webapp-builder/ upload endpoints
  • Unusual file uploads to WordPress directories
  • PHP file execution from upload directories

Network Indicators:

  • HTTP requests to known vulnerable endpoints in the plugin
  • Unusual outbound connections from web server

SIEM Query:

source="web_server_logs" AND (uri="/wp-content/plugins/webapp-builder/*" OR uri CONTAINS "webapp-builder")
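
Added example, not part of the original advisory or of the plugin's code: a Python pass over web server access-log lines for the log indicators listed above. It assumes common/combined log format and the default WordPress upload directory /wp-content/uploads/; the sample lines, addresses and PLACEHOLDER file names are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

PLUGIN_PREFIX = "/wp-content/plugins/webapp-builder/"  # path named on this page
UPLOADS_PREFIX = "/wp-content/uploads/"  # assumption: default WordPress upload dir
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)")

# Constructed sample lines; addresses are documentation ranges, file names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2017:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2017:10:00:05 +0000] "POST /wp-content/plugins/webapp-builder/PLACEHOLDER.php HTTP/1.1" 200 31',
    '198.51.100.7 - - [01/Mar/2017:10:00:09 +0000] "GET /wp-content/uploads/2017/03/PLACEHOLDER.php?x=1 HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Mar/2017:10:00:12 +0000] "POST /wp-content//plugins/WebApp%2DBuilder/PLACEHOLDER.php HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Mar/2017:10:00:20 +0000] "GET /wp-content/uploads/2017/03/logo.png HTTP/1.1" 200 900',
]


def normalise(target):
    """Drop the query string, percent-decode, collapse '//' and lower-case the path."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/+", "/", path).lower()


def classify(line):
    """Return the indicator names that one access-log line matches."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path, hits = normalise(m["target"]), []
    if path.startswith(PLUGIN_PREFIX):
        hits.append("plugin_post" if m["method"] == "POST" else "plugin_access")
    # A 2xx response for a PHP file under uploads means the file exists and was served.
    if (path.startswith(UPLOADS_PREFIX) and PHP_EXT.search(path)
            and m["status"].startswith("2")):
        hits.append("php_in_uploads")
    return hits


def scan(lines):
    """Return (line, indicators) for every line that matches at least one indicator."""
    return [(line, hits) for line in lines if (hits := classify(line))]
```

Calling `scan(SAMPLE_LOG)` flags the second, third and fourth sample lines; the fourth shows why the path is normalised before matching, since its encoded and mixed-case form would slip past a literal string comparison.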
