Cherry Framework Exploit

It seems there is an easy exploit in the popular Cherry Framework plugin for WordPress. It allows someone to easily upload or replace files on your website. Since it is in the “admin” section, I just created a simple Directory rule in my httpd.conf file:

<Directory /var/www/somewebsite.com/wp-content/plugins/cherry-plugin/admin/>
    Order allow,deny
    Allow from 192.168.0.0/16
    Allow from 127
</Directory>

And now nobody can access the exploit (unless they are already on my internal network of course). A quick band-aid until the developers fix the issue.
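To check whether anyone outside those networks reached the plugin's admin directory before the rule went in, and that later attempts are now refused, the access log can be scanned. This is an added example, not part of the original post; it assumes Apache's common/combined log format, and the sample lines, addresses and the file name example.php are constructed.

```python
import ipaddress
import re

# Path and networks taken from the Directory rule in the post.
ADMIN_PREFIX = "/wp-content/plugins/cherry-plugin/admin/"
ALLOWED = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),  # "Allow from 127" written as a CIDR
]

# Assumed log format: client, identd, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, hypothetical file name).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2015:03:14:07 +0000] "POST /wp-content/plugins/cherry-plugin/admin/example.php HTTP/1.1" 200 312',
    '192.168.1.20 - - [10/Jan/2015:09:00:00 +0000] "GET /wp-content/plugins/cherry-plugin/admin/example.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [12/Jan/2015:11:30:45 +0000] "POST /wp-content/plugins/cherry-plugin/admin/example.php HTTP/1.1" 403 298',
    '203.0.113.7 - - [10/Jan/2015:03:15:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

def external_admin_hits(lines):
    """Return (ip, timestamp, method, path, status, served) for each request
    to the plugin's admin directory from outside the allowed networks."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(ADMIN_PREFIX):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname logged instead of an address; skipped here
        if any(ip in net for net in ALLOWED):
            continue
        status = int(m["status"])
        # 403 means the Directory rule refused it; any other status was served.
        hits.append((str(ip), m["ts"], m["method"], m["path"], status, status != 403))
    return hits

if __name__ == "__main__":
    for hit in external_admin_hits(SAMPLE):
        print(hit)
```

An external request with served set to True, especially a POST, dates from before the rule and is the one to follow up by checking the site's files for changes.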
