MIPL WC Multisite Sync Directory Traversal Vulnerability Allowing Unauthenticated Arbitrary File Download

Vulnerability

A directory traversal vulnerability has been identified in the MIPL WC Multisite Sync plugin for WordPress, affecting all versions through 1.1.5. The vulnerability arises from improper validation of the 'log-file' parameter handled by the 'mipl_wc_sync_download_log' action, which allows unauthenticated users to read arbitrary files on the server. This could lead to the exposure of sensitive information.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files on the server, potentially leading to information disclosure.

Reproduction

The vulnerability can be reproduced by sending a request to the 'mipl_wc_sync_download_log' action with a crafted 'log-file' parameter that includes directory traversal sequences. This will bypass the intended file access restrictions and allow the download of arbitrary files from the server.

Remediation

Users are advised to update the MIPL WC Multisite Sync plugin to version 1.1.6 or later.
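Sites that ran an affected version can also review web server access logs for requests matching the pattern described under Reproduction. The following is an added example, not code from the plugin or from this advisory: it flags log lines where the 'mipl_wc_sync_download_log' action is combined with a 'log-file' value that leaves the log directory. It assumes combined-format access logs with the parameters visible in the query string; the "action" parameter name, the /ENDPOINT path and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ACTION = "mipl_wc_sync_download_log"  # action name given in the advisory
PARAM = "log-file"                    # parameter name given in the advisory
# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) for up to `rounds` passes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True for a '..' path segment, an absolute path, or a drive-letter path."""
    path = fully_decode(value).replace("\\", "/")
    return (path.startswith("/") or ".." in path.split("/")
            or re.match(r"[A-Za-z]:", path) is not None)

def suspicious_requests(lines):
    """Return (line number, decoded log-file value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qsl performs the first round of percent-decoding.
        params = parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True)
        if ACTION not in [value for _, value in params]:
            continue
        hits += [(number, fully_decode(value)) for name, value in params
                 if name == PARAM and is_traversal(value)]
    return hits

# Constructed sample lines: documentation IPs, placeholder path /ENDPOINT,
# and the assumption that the action travels in an "action" query parameter.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /ENDPOINT?action=mipl_wc_sync_download_log&log-file=sync.log HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:41:12 +0000] "GET /ENDPOINT?action=mipl_wc_sync_download_log&log-file=..%2F..%2Fexample.txt HTTP/1.1" 200 2048',
    '203.0.113.9 - - [09/Jun/2025:19:41:15 +0000] "GET /ENDPOINT?action=mipl_wc_sync_download_log&log-file=%252e%252e%252fexample.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/Jun/2025:19:42:30 +0000] "GET /ENDPOINT?action=other_action&log-file=..%2Fexample.txt HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

Parameters sent in a POST body do not appear in a standard access log, so an empty result does not rule out earlier requests.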

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.0
threat: 5.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.