Gutenberg Thim Blocks Arbitrary File Read Vulnerability

A vulnerability allowing arbitrary file reads has been identified in the Gutenberg Thim Blocks plugin for WordPress, affecting all versions through 1.0.1. The issue arises from inadequate path validation in the server-side rendering of the 'thim-blocks/icon' block. This flaw enables authenticated attackers with Contributor-level access or higher to read arbitrary files on the server by exploiting the 'iconSVG' parameter, potentially accessing sensitive information such as the wp-config.php file.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, including configuration files that may contain critical information such as database credentials.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can send a request to the server that includes the 'iconSVG' parameter. This parameter can be crafted to reference a file that the attacker wishes to read, such as wp-config.php. The server's response will include the contents of the specified file, demonstrating the arbitrary file read capability.

Remediation

Users are advised to update the Gutenberg Thim Blocks plugin to version 1.0.2 or a newer patched version.