CVE-2023-34385

9.9 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Export Import Menus plugin. Attackers can upload malicious files like PHP webshells, leading to remote code execution. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • WordPress Export Import Menus Plugin
Versions: All versions up to and including 1.8.0
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. No special configuration needed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or pivot to internal networks.

🟠 Likely Case

Website defacement, malware injection, credential theft, or installation of cryptocurrency miners through uploaded webshells.

🟢 If Mitigated

If file uploads are restricted via a web application firewall or server configuration, the impact is limited to denial of service through file-system exhaustion.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and uses simple HTTP requests. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.1 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/export-import-menus/wordpress-export-import-menus-plugin-1-8-0-arbitrary-file-upload-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Export Import Menus'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.8.1+ from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin (all platforms)

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate export-import-menus

Restrict File Uploads via .htaccess (linux)

Block execution of PHP files in the plugin's upload directory. Place the following in an .htaccess file inside that directory. Note that this denies requests for PHP files that have already landed there; it does not stop the upload itself, so pair it with the WAF rule below or with the plugin update. On Apache 2.4 without mod_access_compat, use `Require all denied` in place of the Order/Deny pair.

<FilesMatch "\.(php|php5|phtml|phar)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Remove the Export Import Menus plugin completely from the WordPress installation
  • Implement web application firewall rules to block file uploads to the affected plugin endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Export Import Menus version. If version is 1.8.0 or earlier, you are vulnerable.

Check Version:

wp plugin get export-import-menus --field=version

Verify Fix Applied:

Verify plugin version is 1.8.1 or later in WordPress admin panel. Test file upload functionality with non-whitelisted file types.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /wp-content/plugins/export-import-menus/ with file uploads
  • Files with .php extension appearing in plugin upload directories
  • Unusual process execution from web server user

Network Indicators:

  • POST requests with file uploads to plugin-specific endpoints
  • Unexpected outbound connections from web server

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/export-import-menus/*" AND method="POST" AND content_type="multipart/form-data*")
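The log and file-system indicators above, worked into a small detector. This is an added example and not part of the advisory or of the plugin: the log lines, the client IPs, the specific endpoint path under the plugin directory, and the trailing request Content-Type field (assumed to come from a custom LogFormat that appends `"%{Content-Type}i"` to the combined format) are all constructed.

```python
"""Detect two indicators from the advisory:
  1. POST multipart/form-data requests under the Export Import Menus plugin path
  2. PHP-executable files appearing under the plugin's upload directory
All sample log lines and directory contents below are constructed."""
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional

PLUGIN_PATH = "/wp-content/plugins/export-import-menus/"

# Matches .php / .php5 / .phtml / .phar as the final extension, and also as an
# inner extension (notes.php.txt), which some Apache AddHandler setups still execute.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)

# Combined log format plus one appended field: the request Content-Type header.
# (assumed custom LogFormat; not something the advisory specifies)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<ctype>[^"]*)"$'
)


def is_suspicious_request(line: str) -> Optional[Dict[str, str]]:
    """Return a hit record for a multipart POST under the plugin path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0]  # ignore any query string
    if m["method"] != "POST":
        return None
    if not path.startswith(PLUGIN_PATH):
        return None
    if not m["ctype"].lower().startswith("multipart/form-data"):
        return None
    return {"ip": m["ip"], "ts": m["ts"], "path": path, "status": m["status"]}


def scan_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run is_suspicious_request over every line and keep the hits."""
    return [hit for hit in map(is_suspicious_request, lines) if hit]


def find_php_files(upload_dir: str) -> List[str]:
    """Return paths (relative to upload_dir) of files PHP might execute."""
    root = Path(upload_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and PHP_EXT.search(p.name)
    )


# Constructed sample log: one multipart POST to the plugin path (should be flagged),
# a GET for a static asset, a login POST, and a non-multipart POST to the plugin path.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2023:12:00:01 +0000] "POST /wp-content/plugins/export-import-menus/endpoint.php HTTP/1.1" 200 512 "-" "curl/8.0.1" "multipart/form-data; boundary=----constructed"',
    '198.51.100.4 - - [10/Jun/2023:12:00:02 +0000] "GET /wp-content/plugins/export-import-menus/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"',
    '192.0.2.9 - - [10/Jun/2023:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "application/x-www-form-urlencoded"',
    '203.0.113.7 - - [10/Jun/2023:12:00:04 +0000] "POST /wp-content/plugins/export-import-menus/endpoint.php HTTP/1.1" 200 64 "-" "curl/8.0.1" "application/json"',
]


def demo_find_php_files() -> List[str]:
    """Build a constructed upload directory in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "exports").mkdir()
        (root / "exports" / "main-menu.json").write_text("{}")       # benign export
        (root / "exports" / "notes.php.txt").write_text("placeholder")  # double extension
        (root / "x.phtml").write_text("placeholder")                   # executable extension
        return find_php_files(tmp)


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious upload request:", hit)
    print("PHP-executable files in upload dir:", demo_find_php_files())
```

In production, point `find_php_files` at the plugin's real upload directory and run it from cron or a file-integrity monitor; any hit under a directory that should only hold exported menu data is worth an alert regardless of whether the corresponding request was logged.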
