CVE-2023-6090
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files to WooCommerce sites using the Mollie Payments plugin, potentially leading to remote code execution. It affects all WordPress sites running Mollie Payments for WooCommerce versions up to 7.3.11. Attackers could upload malicious files like PHP shells to gain control of the server.
💻 Affected Systems
- Mollie Payments for WooCommerce
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to steal data, install malware, or pivot to other systems.
Likely Case
Website defacement, data theft, or installation of backdoors for persistent access.
If Mitigated
Limited impact if file uploads are restricted to authenticated users only and proper file type validation is in place.
🎯 Exploit Status
Exploitation requires no authentication and is straightforward with publicly available proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.3.12 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Mollie Payments for WooCommerce'.
4. Click 'Update Now' if available, or manually update to version 7.3.12+.
5. Verify the plugin version after the update.
🔧 Temporary Workarounds
Disable plugin
Platform: all
Temporarily disable the Mollie Payments plugin until patched.
wp plugin deactivate mollie-payments-for-woocommerce
Restrict file uploads via .htaccess
Platform: linux
Block execution of uploaded files in the uploads directory (place the rule in wp-content/uploads/.htaccess).
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Disable the Mollie Payments plugin immediately.
- Implement web application firewall (WAF) rules to block file upload attempts to vulnerable endpoints.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins > Installed Plugins. If the version is 7.3.11 or lower, the site is vulnerable.
Check Version:
wp plugin get mollie-payments-for-woocommerce --field=version
Verify Fix Applied:
Verify the plugin version is 7.3.12 or higher after update.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /wp-content/uploads/mollie-payments-uploads/ or similar paths
- POST requests to upload endpoints with PHP or executable file extensions
Network Indicators:
- HTTP POST requests to upload-related endpoints with suspicious file types
SIEM Query:
source="web_logs" AND (uri_path="/wp-content/plugins/mollie-payments-for-woocommerce/*upload*" OR uri_path="/wp-admin/admin-ajax.php") AND (file_extension="php" OR file_extension="phtml" OR file_extension="phar")
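The log indicators above, turned into a small access-log scanner. This is an added example, not code from the page or from the plugin vendor: it assumes Apache/nginx combined log format, derives the path patterns from the SIEM query (plugin upload endpoints, admin-ajax.php) and the uploads-directory indicator, and runs over constructed sample lines whose query parameter names are invented.

```python
import re
from dataclasses import dataclass

# Combined log format: ip ident user [time] "METHOD uri PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Extensions the .htaccess workaround above blocks (php, php5, php7, phtml, phar).
EXEC_EXT = re.compile(r'\.(php\d?|phtml|phar)(?![a-z0-9])', re.IGNORECASE)
# Upload-related plugin endpoints and admin-ajax.php, as in the SIEM query.
UPLOAD_ENDPOINT = re.compile(
    r'^/wp-content/plugins/mollie-payments-for-woocommerce/.*upload'
    r'|^/wp-admin/admin-ajax\.php$', re.IGNORECASE)
UPLOADS_DIR = re.compile(r'^/wp-content/uploads/', re.IGNORECASE)

@dataclass
class Hit:
    ip: str
    time: str
    uri: str
    reason: str

def classify(method: str, uri: str):
    path, _, query = uri.partition('?')
    # Access logs carry only the request line, so a filename is visible here only
    # when it travels in the query string; multipart bodies are never logged.
    if method == 'POST' and UPLOAD_ENDPOINT.search(path) and EXEC_EXT.search(query):
        return 'executable extension in upload request'
    # Any script under wp-content/uploads is anomalous: an uploaded file being fetched.
    if UPLOADS_DIR.search(path) and EXEC_EXT.search(path):
        return 'script requested under uploads directory'
    return None

def scan_log(lines):
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reason := classify(m['method'], m['uri'])):
            hits.append(Hit(m['ip'], m['time'], m['uri'], reason))
    return hits

# Constructed sample lines (not real traffic); parameter names are invented.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=upload&name=x.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Jan/2024:10:00:05 +0000] "GET /wp-content/uploads/mollie-payments-uploads/x.php HTTP/1.1" 200 88 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jan/2024:10:01:00 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 33 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2024:10:02:10 +0000] "GET /wp-content/uploads/invoice.phtml HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]
```

A 404 on the second rule (last sample line) is still worth a hit: it shows someone probing for a script in the uploads tree even if it is not there, and the .htaccess workaround turns successful hits into 403s that this scanner still reports.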
🔗 References
- https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve