
Cherry Framework Exploit

Written on 27th July 2015 in security

It seems the popular Cherry Framework plugin for WordPress has an easily exploited flaw that lets someone upload or replace files on your website. Since the affected code is in the plugin's “admin” directory, I just created a simple Directory rule in my httpd.conf file:

<Directory /var/www/somewebsite.com/wp-content/plugins/cherry-plugin/admin/>
        Order allow,deny
        Allow from 192.168.0.0/16
        Allow from 127
</Directory>

And now nobody can reach the vulnerable files (unless they are already on my internal network, of course). A quick band-aid until the developers fix the issue.
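
The rule above uses the Apache 2.2 access directives, which Apache 2.4 only honours when mod_access_compat is loaded. The following is an added example, not part of the original post, that applies the same restriction on either version; it assumes the same directory path and address ranges as the post and that mod_authz_core is present on 2.4.

```apache
# Added example: same restriction expressed for Apache 2.4 and 2.2.
# Path and address ranges are the ones used in the post.
<Directory /var/www/somewebsite.com/wp-content/plugins/cherry-plugin/admin/>

    # Apache 2.4+: mod_authz_core replaces Order/Allow/Deny.
    <IfModule mod_authz_core.c>
        # A client matching either range is allowed; all others get 403.
        # 127.0.0.0/8 is the CIDR form of the post's "Allow from 127".
        Require ip 192.168.0.0/16 127.0.0.0/8
    </IfModule>

    # Apache 2.2: the original directives from the post.
    <IfModule !mod_authz_core.c>
        # allow,deny = evaluate Allow first, deny anything not matched.
        Order allow,deny
        Allow from 192.168.0.0/16
        Allow from 127
    </IfModule>

</Directory>
```

Run `apachectl configtest` before reloading. If Apache sits behind a reverse proxy or load balancer, the address checked is the proxy's rather than the visitor's, so a proxy inside 192.168.0.0/16 would let every request through.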


I am the owner of Russell Draper & Associates, this is my personal blog where I will post whatever I feel like! I generally have comments disabled, due to spam-bots. If you wish to leave a comment please contact me via RDAIT.
