WordPress Plugin Vulnerabilities
WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF
Description
The plugin's log-deletion action has a flawed CSRF check and does not ensure that the file to be deleted is inside the expected log folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including files outside the blog folders.
Proof of Concept
Make a logged-in user with the wpcode_activate_snippets capability open the URL below:

https://example.com/wp-admin/admin.php?page=wpcode-tools&view=logs&wpcode_action=delete_log&log=../../delete-me.log

This will make them delete ~/wp-content/delete-me.log
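The advisory describes two independent defects in one action: a CSRF check that does not hold, and a file name taken from the request without confirming that it resolves inside the log directory. The handler below is an added example written for this page; it is not WPCode's own code nor the vendor's fix. The admin_init hook, the nonce action name wpcode_delete_log, the log directory under the uploads folder and the function name are all assumptions. It shows the three checks a defender expects on a destructive admin action: capability, nonce, and path containment.

```php
<?php
/**
 * Added example (not WPCode's own code): a hardened log-deletion handler.
 * Assumptions: the action is handled on admin_init, the nonce action name
 * 'wpcode_delete_log' and the log directory below are hypothetical.
 */
function example_wpcode_delete_log() {
    // Only act on the specific action requested from the Tools > Logs page.
    if ( ! isset( $_GET['wpcode_action'], $_GET['log'] )
        || 'delete_log' !== $_GET['wpcode_action'] ) {
        return;
    }

    // 1. Capability check: the user must be allowed to manage snippets/logs.
    if ( ! current_user_can( 'wpcode_activate_snippets' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete logs.', 'example' ), 403 );
    }

    // 2. CSRF protection: the request must carry a valid nonce for this action.
    //    Links to this action must be built with wp_nonce_url( $url, 'wpcode_delete_log' ),
    //    so a link forged on another site cannot carry a valid nonce.
    check_admin_referer( 'wpcode_delete_log' );

    // 3. Path containment: basename() drops any "../" components, and the
    //    realpath() comparison confirms the resolved file is inside the log
    //    directory even if a symlink or an odd name slipped through.
    //    (The directory is a hypothetical location for this example.)
    $log_dir  = trailingslashit( wp_upload_dir()['basedir'] ) . 'example-plugin-logs/';
    $log_name = sanitize_file_name( basename( wp_unslash( $_GET['log'] ) ) );

    $real_dir  = realpath( $log_dir );
    $real_file = realpath( $log_dir . $log_name );

    if ( false === $real_dir
        || false === $real_file
        || 0 !== strpos( $real_file, trailingslashit( $real_dir ) )
        || 'log' !== pathinfo( $real_file, PATHINFO_EXTENSION ) ) {
        wp_die( esc_html__( 'Invalid log file.', 'example' ), 400 );
    }

    wp_delete_file( $real_file );

    // Redirect back to the logs view without the one-shot action parameters.
    wp_safe_redirect( remove_query_arg( array( 'wpcode_action', 'log', '_wpnonce' ) ) );
    exit;
}
add_action( 'admin_init', 'example_wpcode_delete_log' );
```

Against the proof-of-concept URL above, the nonce check fails first (a forged link cannot include a valid _wpnonce), and even with a valid nonce the log value ../../delete-me.log is reduced to delete-me.log and must resolve inside the log directory, so a file in wp-content itself is never touched. Each check should stand on its own: a nonce alone would still let an authorised user delete arbitrary files, and containment alone would still let a forged request delete genuine logs.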
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-04-03
Added
2023-04-03
Last Updated
2023-04-03