CVE-2023-29102
📋 TL;DR
This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Olive One Click Demo Import plugin. Attackers can upload malicious files like PHP shells to achieve remote code execution. All WordPress sites using affected plugin versions are at risk.
💻 Affected Systems
- Olive One Click Demo Import WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, or website defacement through remote code execution.
Likely Case
Attackers upload web shells to gain persistent access, install malware, or create backdoors for future attacks.
If Mitigated
With proper file upload restrictions and web application firewalls, impact is limited to potential file storage abuse without code execution.
🎯 Exploit Status
Exploitation requires no authentication and is trivial with publicly available proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.1.1
Restart Required: No
Instructions:
1. Update the plugin to the latest version via the WordPress admin panel.
2. Verify the plugin version is greater than 1.1.1.
3. No server restart is required.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the Olive One Click Demo Import plugin until patched.
wp plugin deactivate olive-one-click-demo-import
Restrict File Uploads
Configure the web server to block execution of uploaded files in the wp-content/uploads directory.
Add 'Options -ExecCGI' and 'RemoveHandler .php .php5 .php7 .phtml' to .htaccess in uploads directory
🧯 If You Can't Patch
- Implement web application firewall rules to block file uploads to vulnerable endpoints
- Monitor file upload directories for suspicious PHP files and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for plugin version. If Olive One Click Demo Import is installed and version is 1.1.1 or lower, system is vulnerable.
Check Version:
wp plugin get olive-one-click-demo-import --field=version
Verify Fix Applied:
Verify plugin version is greater than 1.1.1 in WordPress admin plugins page.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads directory
- POST requests to plugin-specific upload endpoints
- Execution of PHP files from uploads directory
Network Indicators:
- HTTP POST requests with file uploads to /wp-content/plugins/olive-one-click-demo-import/ endpoints
SIEM Query:
source="web_server" AND (uri_path="/wp-content/plugins/olive-one-click-demo-import/*" AND method="POST" AND content_type="multipart/form-data*")
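The Log and Network Indicators above can be checked offline against web server access logs. The following is an added example (not part of the original advisory): it flags multipart POSTs under the plugin directory and any request for a PHP-like file under wp-content/uploads, then correlates clients that did both. It assumes an Apache combined log format with the request Content-Type appended as a final quoted field; the sample log lines and the upload endpoint file name are constructed placeholders.

```python
import re

PLUGIN_PATH = "/wp-content/plugins/olive-one-click-demo-import/"
# PHP-like extensions under uploads, matching the .htaccess workaround list.
UPLOADS_PHP = re.compile(r"^/wp-content/uploads/.*\.(?:php\d?|phtml)$", re.I)

# Assumed format: combined log + trailing quoted request Content-Type ("-" if none).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<ctype>[^"]*)"$'
)

# Constructed sample log lines; the file name under the plugin directory is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2023:12:00:01 +0000] "POST /wp-content/plugins/olive-one-click-demo-import/example-upload.php HTTP/1.1" 200 512 "-" "curl/8.0" "multipart/form-data; boundary=xyz"
203.0.113.5 - - [10/May/2023:12:00:03 +0000] "GET /wp-content/uploads/2023/05/x.php HTTP/1.1" 200 128 "-" "curl/8.0" "-"
198.51.100.7 - - [10/May/2023:12:01:00 +0000] "GET /wp-content/uploads/2023/05/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0" "-"
198.51.100.7 - - [10/May/2023:12:01:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "-" "Mozilla/5.0" "application/x-www-form-urlencoded"
"""


def scan(log_text):
    """Return (plugin_uploads, uploads_php_hits, correlated_ips) for the given log text."""
    plugin_uploads, uploads_php_hits = [], []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ip, method, ctype = m["ip"], m["method"], m["ctype"].lower()
        path = m["path"].split("?", 1)[0]  # drop the query string before matching
        # Network indicator: multipart POST to any endpoint under the plugin directory.
        if method == "POST" and path.startswith(PLUGIN_PATH) and ctype.startswith("multipart/form-data"):
            plugin_uploads.append((ip, path))
        # Log indicator: a PHP-like file being requested (executed) from the uploads directory.
        if UPLOADS_PHP.match(path):
            uploads_php_hits.append((ip, path))
    # Clients seen doing both are the strongest signal of upload followed by execution.
    correlated = sorted({ip for ip, _ in plugin_uploads} & {ip for ip, _ in uploads_php_hits})
    return plugin_uploads, uploads_php_hits, correlated


if __name__ == "__main__":
    uploads, hits, ips = scan(SAMPLE_LOG)
    print("plugin upload POSTs:", uploads)
    print("PHP requests under uploads:", hits)
    print("correlated clients:", ips)
```

Point the script at real access logs by replacing SAMPLE_LOG with the file contents; adjust LOG_RE if your log format differs.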
🔗 References
- https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-0-9-arbitrary-file-upload-vulnerability?_s_id=cve