CAOS WordPress Plugin Path Traversal Vulnerability Allowing Arbitrary Folder Deletion

A vulnerability in the CAOS | Host Google Analytics Locally WordPress plugin, affecting versions prior to 4.1.9, allows high privilege users to exploit a path traversal issue. The plugin fails to properly validate the cache directory setting, enabling users to delete arbitrary folders by directing the plugin to a traversed path during uninstallation.

Impact

Exploitation of this vulnerability could lead to the unintentional deletion of critical WordPress directories, such as the wp-includes folder, potentially causing significant disruption to the website's functionality.

Reproduction

To reproduce this vulnerability, an admin user must enter a crafted payload that includes a path traversal sequence into the 'Cache directory for analytics.js' setting of the plugin. After selecting the 'Remove settings at Uninstall' option, the user can uninstall the plugin, which will trigger the deletion of the specified directory, such as wp-includes.

Remediation

Users are advised to update the CAOS | Host Google Analytics Locally WordPress plugin to version 4.1.9 or later.