CVE-2023-4311
📋 TL;DR
The Vrm 360 3D Model Viewer WordPress plugin through version 1.2.1 contains an arbitrary file upload vulnerability due to insufficient security checks in a plugin shortcode. This allows attackers to upload malicious files to vulnerable WordPress sites. All WordPress installations using affected plugin versions are at risk.
💻 Affected Systems
- Vrm 360 3D Model Viewer WordPress Plugin
📦 What is this software?
Vrm360 by Maurice
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to ransomware deployment, data exfiltration, or website defacement through remote code execution.
Likely Case
Backdoor installation for persistent access, credential theft, or malware distribution from compromised sites.
If Mitigated
Limited impact with proper file upload restrictions, web application firewalls, and file integrity monitoring in place.
🎯 Exploit Status
Exploitation requires knowledge of the vulnerable shortcode but is straightforward once it is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.2 or later
Vendor Advisory: https://wpscan.com/vulnerability/21950116-1a69-4848-9da0-e912096c0fce
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Vrm 360 3D Model Viewer'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
Deactivate the vulnerable plugin to prevent exploitation.
wp plugin deactivate vrm-360-3d-model-viewer
Restrict File Uploads
Configure the web server to block uploads of executable files via .htaccess or nginx rules.
# Add to .htaccess:
<FilesMatch "\.(php|phtml|php3|php4|php5|php7|phps|phar|pl|py|jsp|asp|sh|cgi|exe)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove plugin shortcodes from all posts/pages/widgets
- Implement web application firewall with file upload protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Vrm 360 3D Model Viewer version. If version is 1.2.1 or earlier, you are vulnerable.
Check Version:
wp plugin get vrm-360-3d-model-viewer --field=version
Verify Fix Applied:
Verify plugin version is 1.2.2 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads/vrm-360/ directory
- POST requests to /wp-admin/admin-ajax.php with file upload parameters
- Execution of unexpected PHP files in upload directories
Network Indicators:
- HTTP POST requests with file uploads to WordPress admin endpoints
- Unusual outbound connections from web server after file uploads
SIEM Query:
source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND (form_data CONTAINS "action=vrm_360_upload" OR form_data CONTAINS "upload_file"))
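Added example (not part of the advisory or the plugin): a small Python scan over web-server access-log lines that applies the two log indicators above, the upload POST to admin-ajax.php and a successful request for a server-side script under the plugin upload directory. It assumes combined-format logs and that the upload action is visible in the logged request line; the sample lines are constructed.

```python
import re

# Apache/nginx "combined" access-log line; the request field is
# "METHOD /path?query HTTP/x.y". Assumption: only the query string is logged,
# so an upload action sent in the POST body needs body logging (e.g. a WAF
# audit log) to be visible here; the markers mirror the SIEM query above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPLOAD_MARKERS = ("action=vrm_360_upload", "upload_file")
UPLOAD_DIR = "/wp-content/uploads/vrm-360/"
# The same server-side extensions the .htaccess rule above denies.
EXEC_EXT_RE = re.compile(
    r"\.(php|phtml|php[3457]|phps|phar|pl|py|jsp|asp|sh|cgi|exe)(\?|$)", re.I)

def parse(lines):
    """Yield (ip, ts, method, uri, status) for lines that parse; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["ts"], m["method"], m["uri"], int(m["status"])

def upload_attempts(lines):
    """POSTs to admin-ajax.php carrying one of the plugin upload markers."""
    return [(ip, ts, uri) for ip, ts, method, uri, _ in parse(lines)
            if method == "POST" and uri.startswith("/wp-admin/admin-ajax.php")
            and any(marker in uri for marker in UPLOAD_MARKERS)]

def executed_uploads(lines):
    """Successful requests for a server-side script under the plugin upload
    directory: the 'unexpected PHP file executed' indicator."""
    return [(ip, ts, uri) for ip, ts, _, uri, status in parse(lines)
            if UPLOAD_DIR in uri and EXEC_EXT_RE.search(uri) and status == 200]

# Constructed sample lines, not real traffic (203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=vrm_360_upload HTTP/1.1" 200 54',
    '203.0.113.7 - - [10/Aug/2023:10:01:05 +0000] "GET /wp-content/uploads/vrm-360/model.php HTTP/1.1" 200 312',
    '198.51.100.4 - - [10/Aug/2023:10:02:00 +0000] "GET /wp-content/uploads/vrm-360/model.vrm HTTP/1.1" 200 8191',
    '198.51.100.4 - - [10/Aug/2023:10:02:30 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for hit in upload_attempts(SAMPLE_LOG) + executed_uploads(SAMPLE_LOG):
        print("ALERT", *hit)
```

A legitimate .vrm model fetch and an unrelated admin-ajax.php action both pass silently; only the upload POST and the later hit on the .php file are reported.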