BlindMatrix e-Commerce WordPress Plugin Local File Inclusion Vulnerability

A local file inclusion (LFI) vulnerability has been identified in the BlindMatrix e-Commerce WordPress plugin, affecting versions prior to 3.1. The issue arises because the plugin fails to properly validate certain shortcode attributes before using them to generate file paths for include functions. This lack of validation allows authenticated users, including contributors, to exploit the vulnerability and perform LFI attacks.

Impact

Exploitation of this vulnerability allows authenticated users to include arbitrary files from the server, potentially leading to the disclosure of sensitive information or execution of malicious code.

Reproduction

To reproduce this vulnerability, an authenticated user (such as a contributor) can use a shortcode with an unvalidated attribute that points to a sensitive file, such as '/etc/passwd'. The plugin will include the specified file, demonstrating the local file inclusion vulnerability.

Remediation

Users are advised to update the BlindMatrix e-Commerce WordPress plugin to version 3.1 or later.