Apptha Mac Photo Gallery
- <= 3.0
A path traversal vulnerability has been identified in the WordPress plugin Mac Photo Gallery, version 3.0. It allows unauthenticated attackers to download arbitrary files by manipulating the 'albid' parameter. By sending requests to 'macdownload.php' with directory traversal sequences, attackers can access sensitive files, such as 'wp-load.php', outside the designated plugin directory.
Exploitation of this vulnerability could lead to unauthorized access and download of sensitive files from the server, potentially including files that could be used to compromise the WordPress installation or the underlying server.
To reproduce this vulnerability, send a request to 'macdownload.php' with the 'albid' parameter set to a value that includes directory traversal sequences. This will allow access to files outside the plugin's intended directory. The vulnerability can be exploited manually or with an automated script.
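Log-review logic for the request pattern described above, added here as an example and not taken from the plugin or this advisory. It assumes 'albid' is sent in the query string and recorded in a combined-format access log; the log lines, the `PLUGIN_DIR` placeholder path and the benign value `holiday.jpg` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines. PLUGIN_DIR is a placeholder: the advisory does not
# give the plugin's install path, so matching is done on the script name only.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/plugins/PLUGIN_DIR/macdownload.php?albid=holiday.jpg HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/PLUGIN_DIR/macdownload.php?albid=../../../wp-load.php HTTP/1.1" 200 3300
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/PLUGIN_DIR/macdownload.php?albid=%252e%252e%252f%252e%252e%252fwp-load.php HTTP/1.1" 200 3300
198.51.100.4 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?albid=../x HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    normalised = fully_decode(value).replace("\\", "/")
    return ".." in normalised.split("/")


def find_suspicious(log_text):
    """Return (client_ip, http_status, decoded_albid) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/macdownload.php"):
            continue  # only the script named in the advisory is in scope
        for raw in parse_qs(url.query, keep_blank_values=True).get("albid", []):
            if is_traversal(raw):
                hits.append((m["ip"], m["status"], fully_decode(raw)))
    return hits
```

The returned status code lets a reviewer separate requests the server answered with a file (200) from ones that were rejected.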