Unauthenticated Remote Code Execution in e-signature plugin

Jan 13, 2021 | Security - Internet, WordPress, and otherwise

unauthenticated-remote-code-execution-in-e-signature-plugin Unauthenticated Remote Code Execution in e-signature plugin

During a recent audit we discovered an unauthenticated remote code execution in the plugin e-signature. All versions less than are vulnerable.

Disclosure / Response Timeline

  • January 7, 2021: Initial contact.
  • January 11, 2021: Patch is live.

Current State of the Vulnerability

Unauthenticated vulnerabilities are very serious because they can be easily automated. We strongly encourage e-signature users to update their plugin to version as soon as possible. Unfortunately this vulnerability is already being exploited.

Attacks in the wild

If you have older versions of this plugin installed and see requests to /wp-admin/admin-ajax.php?action=sif_upload_file your site may have already been compromised. The most recent attack is uploading the following malicious files:

  • wp-contact.php
  • coder.php

Because of the nature of the vulnerability, specifically its severity, we will not be disclosing additional details.


WordPress Development


seo news

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:


Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.