In what has been been far to common an occurrence over the last couple of months, we have again spotted what looks to be someone probing for usage of a WordPress plugin on one of our website, likely in perpetration for trying to exploit a vulnerability in it, in which we have then found that a very exploitable vulnerability is in the current version of the plugin and doesn’t have appear to have been previously disclosed.

This time it involves an arbitrary file upload vulnerability in Advanced AJAX Page Loader, which according to wordpress.org has 4,000+ active installs. Yesterday we had a request for the following file in the plugin: /wp-content/plugins/advanced-ajax-page-loader/reload_code.js. Since we didn’t have any vulnerabilities for this plugin already included in our data and couldn’t find any public information on a vulnerability that had existed in it, we went looking for something that someone might try to exploit. We quickly found that functionality for uploading an image through the plugin was accessible to anyone and that the protection on what types of files could be uploaded was easily bypassed leading to the arbitrary file upload vulnerability. [Read more]