CVE-2023-31215

9.9 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Dropshipping & Affiliation with Amazon plugin. Attackers can upload malicious files like PHP shells, leading to remote code execution. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • Dropshipping & Affiliation with Amazon WordPress plugin
Versions: All versions up to and including 2.1.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with this specific plugin enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise: attackers gain full control of the WordPress site and potentially the underlying server, allowing data theft, defacement, or use as a foothold for lateral movement.

🟠 Likely Case

Website defacement, malware injection, or backdoor installation leading to persistent unauthorized access and potential data exfiltration.

🟢 If Mitigated

Limited impact if file uploads are restricted by a web application firewall or server-side controls, though the vulnerability itself remains exploitable until the plugin is patched.

🌐 Internet-Facing: HIGH - WordPress plugins are typically exposed to the internet, making this directly accessible to attackers.
🏢 Internal Only: LOW - This is a web application vulnerability requiring HTTP access to the WordPress site.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

File upload vulnerabilities are commonly exploited with simple HTTP requests. Public exploit details are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-amazon-shop/wordpress-dropshipping-affiliation-with-amazon-plugin-2-1-2-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Dropshipping & Affiliation with Amazon'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 2.1.3+ from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable plugin (all)

Temporarily deactivate the vulnerable plugin until patched.

Web Application Firewall rule (all)

Block file upload requests to the plugin's upload endpoint.

Example WAF rule: block requests where the URI contains '/wp-content/plugins/wp-amazon-shop/' AND the request carries file upload parameters.

🧯 If You Can't Patch

  • Remove the plugin completely if not essential for business operations
  • Implement strict file upload restrictions at server level (e.g., .htaccess rules blocking PHP execution in upload directories)

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Dropshipping & Affiliation with Amazon → Version. If version is 2.1.2 or lower, you are vulnerable.

Check Version:

wp plugin list --name=wp-amazon-shop --field=version (WP-CLI; --name filters on the plugin slug, not the display name) OR check the "Stable tag" line in wp-content/plugins/wp-amazon-shop/readme.txt

Verify Fix Applied:

Confirm plugin version is 2.1.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to plugin upload endpoints with suspicious file extensions (.php, .phtml, .php5)
  • Files with unusual names appearing in wp-content/uploads/ or plugin directories

Network Indicators:

  • Unusual outbound connections from WordPress server after file uploads
  • HTTP requests with file upload parameters to plugin-specific URLs

SIEM Query:

source="web_logs" AND (uri="/wp-content/plugins/wp-amazon-shop/*" AND method="POST" AND (file_extension="php" OR file_extension="phtml"))
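As an added example that is not part of this advisory, the two Log Indicators above turned into a small Python checker run over constructed access-log lines and a constructed directory listing. The endpoint name 'upload.php' in the sample is a placeholder, since the advisory does not name the plugin's upload endpoint.

```python
import re
from urllib.parse import parse_qsl

# Parses the "combined" access-log layout written by Apache and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)
PLUGIN_PATH = "/wp-content/plugins/wp-amazon-shop/"  # slug taken from the advisory URL
EXEC_EXT = (".php", ".phtml", ".php5")              # extensions listed under Log Indicators

def flag_plugin_posts(lines):
    """Return (ip, uri, status, severity) for every POST under the plugin path,
    the request shape behind the SIEM query. A PHP-like name in a query-string
    value raises severity to 'high'; the path itself is not checked, because
    plugin endpoints are .php files anyway. The uploaded filename usually sits
    in the multipart body, which access logs do not record, so a 'medium' hit
    still calls for a look at wp-content/uploads/ (second function)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        uri = m["uri"]
        if not uri.lower().startswith(PLUGIN_PATH):
            continue
        _path, _, query = uri.partition("?")
        values = [v for _, v in parse_qsl(query)]
        severity = "high" if any(v.lower().endswith(EXEC_EXT) for v in values) else "medium"
        hits.append((m["ip"], uri, int(m["status"]), severity))
    return hits

def find_executable_uploads(paths):
    """Second indicator: PHP-like files under wp-content/uploads/, where only
    media belongs. `paths` are relative paths from a directory listing."""
    return sorted(p for p in paths
                  if "wp-content/uploads/" in p.replace("\\", "/")
                  and p.lower().endswith(EXEC_EXT))

# Constructed sample data (not real traffic or files). 'upload.php' is a
# placeholder endpoint name; the advisory does not name the real one.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2023:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/May/2023:12:00:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44',
    '198.51.100.9 - - [10/May/2023:12:01:13 +0000] "POST /wp-content/plugins/wp-amazon-shop/upload.php?name=shell.php HTTP/1.1" 200 61',
    '198.51.100.9 - - [10/May/2023:12:01:20 +0000] "POST /wp-content/plugins/wp-amazon-shop/upload.php HTTP/1.1" 200 61',
]
SAMPLE_FILES = [
    "wp-content/uploads/2023/05/banner.png",
    "wp-content/uploads/2023/05/a1b2.phtml",
    "wp-content/themes/twentytwentythree/functions.php",
]
```

Feed real lines with `flag_plugin_posts(open("access.log"))` and a `os.walk` listing of the web root to `find_executable_uploads`; a hit on the second check after a flagged POST is the pattern worth escalating.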

🔗 References
