Description
WordPress Plugin Google Drive for WordPress is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Google Drive for WordPress version 2.2 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
https://lenonleite.com.br/en/publish-exploits/plugin-google-drive-for-wordpress-2-2-rce-unlik/
https://www.youtube.com/watch?v=_536kM2-TZI
https://www.exploit-db.com/exploits/44435/
https://packetstormsecurity.com/files/147132/WordPress-Google-Drive-2.2-Remote-Code-Execution.html
Related Vulnerabilities
WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.5.1)
WordPress Plugin Numbers generator and validator Multiple Unspecified Vulnerabilities (1.02)
Jboss EAP Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2016-4993)
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669)