InfiniteWP Client Path Traversal Vulnerability Allowing Arbitrary .txt File Reading

Vulnerability

A path traversal vulnerability has been identified in the InfiniteWP Client plugin for WordPress, affecting all versions through 1.13.0. The value of the 'historyID' request parameter to '~/debug-chart/index.php' is used to build the path of a log file without being validated, so an unauthenticated attacker can supply traversal sequences and read .txt files located outside the intended log directory. Because the lookup is tied to the .txt suffix, only files with that extension are exposed.

Impact

Exploitation requires no authentication and could expose sensitive information held in any .txt file that the web server process can read outside the application's designated log directory. The read is limited to .txt files, so PHP source and configuration files are not reachable through this flaw; text logs, notes and exported data are the realistic targets.

Reproduction

To reproduce this vulnerability, send an unauthenticated request to the 'debug-chart/index.php' file with a 'historyID' value containing a path traversal sequence (that is, '../' segments). The request is handled by the 'IWP_Debug_Chart' class, which uses the 'historyID' value to locate the log file it reads. If the traversed path resolves to an existing .txt file outside the intended log directory, its contents are returned in the response, which demonstrates the path traversal. To determine whether an install is affected, check the plugin version in the WordPress admin or the plugin header: 1.13.0 and earlier are vulnerable.
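The following Python model is added here to illustrate the pattern the advisory describes; it is not the plugin's code (the plugin is PHP). It shows an identifier taken from the request, joined to a log directory with a fixed .txt suffix and read back, first in the vulnerable form and then hardened with an allowlist on the identifier and a containment check on the resolved path. The numeric-only identifier format, the directory layout and the file contents are assumptions for the demonstration.

```python
"""Illustrative model (not the plugin's code) of an id-to-log-file lookup,
in its vulnerable and hardened forms."""
import os
import pathlib
import re
import tempfile

# What a history identifier is assumed to look like. Anything else is
# rejected before the value is used to build a path.
HISTORY_ID_RE = re.compile(r"[0-9]{1,20}")


def make_sandbox():
    """Constructed fixture: a log directory with one real history file and a
    .txt file one level above it, standing in for data the endpoint must not
    reach. Returns the log directory."""
    root = pathlib.Path(tempfile.mkdtemp())
    log_dir = root / "logs"
    log_dir.mkdir()
    (log_dir / "42.txt").write_text("history 42\n")
    (root / "secret.txt").write_text("outside the log dir\n")
    return log_dir


def read_history_vulnerable(log_dir, history_id):
    """The vulnerable pattern: the untrusted id is concatenated into a path
    with a fixed .txt suffix and read. '../secret' walks out of log_dir."""
    path = os.path.join(str(log_dir), history_id + ".txt")
    with open(path) as fh:
        return fh.read()


def resolve_inside(base_dir, relative):
    """Resolve base_dir/relative and confirm the result is still under
    base_dir once symlinks and '..' are collapsed. Returns the resolved
    path, or None if it escapes."""
    base = os.path.realpath(str(base_dir))
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def read_history_hardened(log_dir, history_id):
    """Allowlist the identifier's syntax, then re-check containment on the
    resolved path. Either check alone stops '../'; keeping both is defence
    in depth against a later relaxation of the allowlist."""
    if not HISTORY_ID_RE.fullmatch(history_id):
        raise ValueError("historyID must be numeric")
    path = resolve_inside(log_dir, history_id + ".txt")
    if path is None:
        raise ValueError("historyID resolves outside the log directory")
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    logs = make_sandbox()
    print(read_history_vulnerable(logs, "42").rstrip())
    print(read_history_vulnerable(logs, "../secret").rstrip())  # leaks
    try:
        read_history_hardened(logs, "../secret")
    except ValueError as exc:
        print("hardened:", exc)
```

The allowlist is the check that matters: validating the identifier against the format it is supposed to have removes the traversal class entirely, whereas blocklisting '../' substrings invites encoding and normalisation bypasses. The realpath containment check costs little and catches mistakes if the allowlist is ever loosened.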

Remediation

Users are advised to update the InfiniteWP Client plugin to version 1.13.1 or a newer patched version. Because the flaw is reachable without authentication, it is also worth reviewing web server access logs for requests to 'debug-chart/index.php' whose 'historyID' value contains traversal sequences, including percent-encoded forms, to establish whether the endpoint was probed before the update.
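As an added example, and not tooling from the advisory or the plugin, the following Python scans access-log lines for requests that fit the pattern above: hits on the debug-chart endpoint whose 'historyID' contains a '..' segment after percent-decoding. The sample lines are constructed, and the plugin directory 'iwp-client' in them is an assumed install path.

```python
"""Retrospective check over web-server access logs for requests that fit
the advisory: hits on debug-chart/index.php whose historyID carries '..'
segments. Added example, not the plugin's or the advisory's own tooling."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache/nginx combined format; not real traffic.
# The plugin directory 'iwp-client' is an assumption about the install path.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jun/2025:19:40:01 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jun/2025:19:41:12 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=../../../../../readme HTTP/1.1" 200 7209 "-" "curl/8.0"
203.0.113.9 - - [09/Jun/2025:19:41:13 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=..%2F..%2F..%2Fwp-content%2Fuploads%2Fexport HTTP/1.1" 200 88 "-" "curl/8.0"
203.0.113.9 - - [09/Jun/2025:19:41:14 +0000] "GET /wp-content/plugins/iwp-client/debug-chart/index.php?historyID=%252e%252e%2Fnotes HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.2 - - [09/Jun/2025:19:42:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: client, identity, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)
# A '..' path segment bounded by slashes (or the string ends), after decoding.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .), bounded so a
    pathological value cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_traversal(log_text):
    """Return one record per request that targets the debug-chart endpoint
    with a historyID containing a traversal segment. Status and size are
    kept so responders can prioritise requests that returned a body."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/debug-chart/index.php"):
            continue
        # parse_qs already applies one round of percent-decoding.
        for hid in parse_qs(parts.query, keep_blank_values=True).get("historyID", []):
            decoded = fully_decode(hid)
            if TRAVERSAL_RE.search(decoded):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"), "bytes": m.group("bytes"),
                             "historyID": decoded})
    return hits


if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_LOG):
        print(hit)
```

A 200 response with a non-trivial byte count on a flagged request is the case to treat as a probable disclosure; the decoded 'historyID' with '.txt' appended names the file that would have been read. Matching on the decoded value rather than the raw query string is what catches the double-encoded variant in the sample.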

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 9.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.