Creta Testimonial Showcase WordPress Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Creta Testimonial Showcase WordPress plugin, affecting versions prior to 1.2.4. This vulnerability allows authenticated attackers with editor-level access or higher to include and execute arbitrary files on the server. As a result, any PHP code contained in those files could be executed.
Impact
Exploitation of this vulnerability could lead to unauthorized file inclusion, allowing attackers to execute arbitrary PHP code on the server.
Reproduction
To reproduce this vulnerability, create a new shortcode in the WordPress admin panel under the 'Creta Testimonial Showcase' post type. Intercept the request and modify the 'cretats_layout' parameter to include four directory traversal sequences, targeting the 'wp-config.php' file. After saving the post, insert the shortcode into a page and load the page. WordPress will attempt to include the specified file, which can be verified by the resulting error or by using a proof file that confirms the inclusion.
Remediation
Users are advised to update the Creta Testimonial Showcase WordPress plugin to version 1.2.4 or later.
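For plugin developers, the class of bug described above comes from passing a user-controlled layout value to include(). The example below is added here and is not the plugin's own code: it keeps only the 'cretats_layout' parameter name from the advisory, and the template directory, the layout allowlist and the function names are assumptions for illustration.

```php
<?php
// Added example (not the plugin's code): resolve an untrusted layout name
// to a template path safely, or refuse. LAYOUT_DIR and ALLOWED_LAYOUTS are
// assumed values; only 'cretats_layout' comes from the advisory.
declare(strict_types=1);

const LAYOUT_DIR = __DIR__ . '/templates';             // assumed location
const ALLOWED_LAYOUTS = ['default', 'grid', 'slider']; // assumed names

/**
 * Defence in depth: allowlist first, then a strict token check, then a
 * realpath() containment check, so '../' sequences or absolute paths
 * (e.g. towards wp-config.php) can never reach include().
 */
function resolve_layout(string $layout): ?string
{
    // 1. Only layouts the plugin actually ships are acceptable.
    if (!in_array($layout, ALLOWED_LAYOUTS, true)) {
        return null;
    }
    // 2. Reject anything but a plain token, even if the allowlist is
    //    later extended carelessly.
    if (!preg_match('/^[a-z0-9_-]+$/', $layout)) {
        return null;
    }
    // 3. The resolved file must exist and sit inside LAYOUT_DIR.
    $base = realpath(LAYOUT_DIR);
    $path = realpath(LAYOUT_DIR . '/' . $layout . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Shortcode handler sketch: shortcode attributes are untrusted input.
function render_testimonials(array $atts): string
{
    $atts = array_merge(['cretats_layout' => 'default'], $atts);
    $template = resolve_layout((string) $atts['cretats_layout']);
    if ($template === null) {
        return '<!-- unknown layout -->'; // fail closed, never include
    }
    ob_start();
    include $template;
    return (string) ob_get_clean();
}

// Constructed check: a traversal value is rejected before any include().
var_dump(resolve_layout('../../../../wp-config') === null); // bool(true)
```

resolve_layout('grid') returns the template path only when templates/grid.php actually exists under the assumed directory; otherwise it returns null and the handler emits a comment instead of including anything.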