PixelYourSite WordPress Plugin Local File Inclusion Vulnerability

A local file inclusion (LFI) vulnerability has been identified in the PixelYourSite WordPress plugin, affecting versions prior to 11.1.2. The issue arises because the plugin does not properly validate certain URL parameters before using them to generate file paths, which can be exploited by administrators to access sensitive files on the server.

Impact

Exploitation of this vulnerability allows for local file inclusion, where an attacker can read arbitrary files from the server. In the provided proof of concept, the contents of the wp-config.php file were successfully retrieved.

Reproduction

To reproduce this vulnerability, navigate to the 'PixelYour Site -> Dashboard' and locate the 'GTM Tag' section. Copy the link for 'GTM Container Version 1.1', which will direct to a page containing various URL parameters. Modify the 'download_container' parameter to include a path traversal sequence that targets the wp-config.php file. After submitting the modified link, the response will include the contents of the wp-config.php file, demonstrating successful exploitation.

Remediation

Users are advised to update the PixelYourSite WordPress plugin to version 11.1.2 or later.