WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Directorist < 7.5.4 - Admin+ LFI

Description

The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.

Proof of Concept

This PoC will work on Linux systems.

1. Navigate to the URL path: /wp-admin/edit.php?post_type=at_biz_dir&page=tools&step=2&file=/etc/passwd&delimiter=;
2.. You will be presented with the first couple lines of the /etc/passwd file
3. In the "map to field" section, select "Title" and click "Run Importer"
6. You will then be presented with a bunch of "pending" listings, with the title for each listing presenting a new line of content from the `/etc/passwd` file

Affects Plugins

directorist
Fixed in version 7.5.4

References

CVE
CVE-2023-2252

Classification

Type

LFI

OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher

rSolutions Security Team

Submitter

rSolutions Security Team

Submitter website
https://rsolutions.com
Verified

Yes

WPVDB ID
9da6eede-10d0-4609-8b97-4a5d38fa8e69

Timeline

Publicly Published

2023-05-10 (about 4 months ago)

Added

2023-05-10 (about 4 months ago)

Last Updated

2023-05-10 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin