Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading

Information disclosure via unauthenticated limited directory traversal in debug-chart/index.php, allowing reading of arbitrary .txt files in the backups directory.

This vulnerability affects the following application versions:

  • InfiniteWP Client 1.9.4.1
  • InfiniteWP Client 1.9.4.4
  • InfiniteWP Client 1.9.4.5
  • InfiniteWP Client 1.9.4.6
  • InfiniteWP Client 1.9.4.8.2
  • InfiniteWP Client 1.9.4.11
  • InfiniteWP Client 1.9.6
  • InfiniteWP Client 1.9.8
  • InfiniteWP Client 1.9.9
  • InfiniteWP Client 1.11.0
  • InfiniteWP Client 1.11.1
  • InfiniteWP Client 1.12.1
  • InfiniteWP Client 1.12.3
  • InfiniteWP Client 1.12.3.1
  • InfiniteWP Client 1.12.5
  • InfiniteWP Client 1.13.0

Check added for add_site and read_site to avoid authentication bypass

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the ‘historyID’ parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.
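
A detection check for the issue described above, as an added example that is not part of the original advisory or the plugin's own code: it scans web-server access-log lines for requests to debug-chart/index.php whose historyID value is not a plain identifier, undoing repeated percent-encoding first. The allowed-character pattern, the PLUGIN_DIR placeholder and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory.
TARGET_SUFFIX = "/debug-chart/index.php"
PARAM = "historyID"
# Assumption: legitimate values are plain identifiers (letters, digits, _ and -).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_history_ids(log_lines):
    """Return (line_number, decoded_value) for requests worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not fully_decode(url.path).lower().endswith(TARGET_SUFFIX):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if not SAFE_VALUE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines; PLUGIN_DIR is a placeholder, not the real path.
PREFIX = '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + '/wp-content/plugins/PLUGIN_DIR/debug-chart/index.php?historyID=42 HTTP/1.1" 200 512',
    PREFIX + '/wp-content/plugins/PLUGIN_DIR/debug-chart/index.php?historyID=..%2F..%2Fnotes HTTP/1.1" 200 90',
    PREFIX + '/wp-content/plugins/PLUGIN_DIR/debug-chart/index.php?historyID=%252e%252e%252fnotes HTTP/1.1" 200 90',
    PREFIX + '/index.php?historyID=..%2Fnotes HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in suspicious_history_ids(SAMPLE_LOG):
        print(f"line {number}: historyID={value!r}")
```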

This vulnerability affects the following application versions:

  • InfiniteWP Client 1.8.1
  • InfiniteWP Client 1.8.3
  • InfiniteWP Client 1.8.5
  • InfiniteWP Client 1.8.6
  • InfiniteWP Client 1.9.4.1
  • InfiniteWP Client 1.9.4.4