|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-05-21 | |
| Rule Name: | WordPress Shield Security Plugin Local File Inclusion Vulnerability (CVE-2023-6989) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | |
| Impact: | When the file operation function in the application that does not filter the file path effectively, an attacker can import the path of a file which contains malicious code, causing a file inclusion vulnerability and executing malicious code. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c |