WordPress Plugin Anti-Malware Security and Bruteforce Firewall Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in the WordPress Plugin Anti-Malware Security and Bruteforce Firewall, specifically in version 4.20.59. This vulnerability allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Exploitation involves sending requests to the duplicator_download action via admin-ajax.php, using path traversal sequences to access sensitive system files outside the intended directory.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, potentially exposing confidential information or system configurations.

Reproduction

The vulnerability can be reproduced by sending a request to 'wp-admin/admin-ajax.php' with the 'action' parameter set to 'duplicator_download'. The 'file' parameter should be manipulated to include path traversal sequences, such as '..', to access files outside the intended directory. This can be done using a tool like Burp Suite or through a simple script that automates the request.
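For defenders who want to find this request pattern in existing web-server access logs, here is an added example (it is not part of this advisory or of the plugin): it parses constructed combined-format log lines, keeps only admin-ajax.php requests whose action is duplicator_download, and flags any file value that resolves to a '..' segment after repeated URL decoding. The log lines, client addresses and file names are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed combined-format access-log lines; "file=" values are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [16/May/2026:16:20:01 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=..%2F..%2F..%2Fplaceholder.txt HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [16/May/2026:16:20:02 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=%252e%252e/%252e%252e/placeholder.txt HTTP/1.1" 200 41 "-" "curl/8.0"
198.51.100.9 - - [16/May/2026:16:21:10 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=backup-2026-05-16.zip HTTP/1.1" 200 90000 "-" "Mozilla/5.0"
198.51.100.9 - - [16/May/2026:16:21:11 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .), with a bound."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(file_value: str) -> bool:
    """True if the decoded value contains a '..' segment, with either slash style."""
    decoded = fully_decode(file_value).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))

def find_traversal_attempts(log_text: str) -> list[tuple[str, str, str]]:
    """Return (client_ip, raw_file_value, decoded_file_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # parse_qs already removes one encoding layer
        if params.get("action", [""])[0] != "duplicator_download":
            continue
        for file_value in params.get("file", []):
            if has_traversal(file_value):
                hits.append((line.split()[0], file_value, fully_decode(file_value)))
    return hits

if __name__ == "__main__":
    for ip, raw, decoded in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ip} requested file={raw!r} (decodes to {decoded!r})")
```

Standard access logs do not record POST bodies, so the same parameters sent in a request body only show up in application-level or WAF logging.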

Added: May 16, 2026, 4:20 PM
Updated: May 16, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          2.5
exploitability  8.7
remediation     0.0
relevance       8.5
threat          6.4
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.