LT Unleashed WordPress Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the LT Unleashed plugin for WordPress, affecting all versions up to and including 1.1.1. The vulnerability arises from inadequate path sanitization of the 'template' parameter of the 'book' shortcode: the value is used to build the path of a file that the plugin includes, without being confined to the plugin's own template directory. Because Contributor-level and higher roles can place shortcodes in post content, an authenticated attacker with Contributor-level access or higher can cause the server to include arbitrary files, including files outside the plugin such as wp-config.php. Any included file is executed as PHP, so the impact ranges from bypassing access controls and disclosing sensitive data to remote code execution, the latter typically by first getting a file that contains PHP onto the server (for example an image or other "safe" file type accepted by an upload form) and then including it through the shortcode.
Impact
Successful exploitation allows an attacker with Contributor-level access or higher to include and execute arbitrary files on the server, which can lead to execution of arbitrary PHP code in the context of the web server.
Reproduction
To reproduce this vulnerability, log in as a user with Contributor-level access or higher, create or edit a post, and insert the 'book' shortcode with a crafted 'template' attribute that points at a file outside the plugin's template directory. Because the parameter is not sanitized, the plugin includes the referenced file when the shortcode is rendered. Note that a Contributor cannot publish posts, but can save a draft and preview it, and shortcodes are rendered on preview, so publishing rights are not needed to trigger the inclusion.
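The following PHP is an added illustration of the bug class described above and in the Vulnerability section; it is not the LT Unleashed plugin's own code. The handler shape, the function names, the 'templates/' directory and the use of a path prefix check are assumptions made for the example. It shows a shortcode handler that trusts the 'template' attribute beside a hardened version that confines the resolved path to the plugin's template directory.

```php
<?php
// Added example (not the plugin's code): a shortcode handler vulnerable to
// local file inclusion, and a hardened replacement. Names and the
// 'templates/' directory are assumed for illustration.

// VULNERABLE: the attribute is concatenated straight into the include path.
// A post containing [book template="../../../../wp-config.php"] makes PHP
// include, and therefore execute, whatever that path resolves to. Any
// uploaded file that contains PHP can be reached the same way.
function lt_book_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'template' => 'default.php' ), $atts, 'book' );
    $file = plugin_dir_path( __FILE__ ) . 'templates/' . $atts['template'];
    ob_start();
    include $file;
    return ob_get_clean();
}

// HARDENED: accept only a plain template name, resolve it with realpath(),
// and require the result to sit inside the plugin's templates directory.
// realpath() collapses '..' and symlinks and returns false for a missing
// file, so the prefix check cannot be bypassed by traversal sequences.
// When the set of templates is fixed, a strict allowlist of names is
// simpler still and is the preferable fix.
function lt_book_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'template' => 'default' ), $atts, 'book' );

    $templates_dir = realpath( plugin_dir_path( __FILE__ ) . 'templates' );
    if ( false === $templates_dir ) {
        return '';
    }

    // Reject anything that is not a bare template name (no slashes, dots or
    // null bytes), before the value ever touches the filesystem.
    $name = (string) $atts['template'];
    if ( ! preg_match( '/^[A-Za-z0-9_-]+$/', $name ) ) {
        return '';
    }

    $candidate = realpath( $templates_dir . DIRECTORY_SEPARATOR . $name . '.php' );
    if ( false === $candidate
        || 0 !== strpos( $candidate, $templates_dir . DIRECTORY_SEPARATOR ) ) {
        return '';
    }

    ob_start();
    include $candidate;
    return ob_get_clean();
}

add_shortcode( 'book', 'lt_book_shortcode_hardened' );
```

The character allowlist alone already blocks traversal; the realpath() prefix check is kept as defence in depth so that a future change to the name validation, or a symlink planted inside the templates directory, cannot quietly reopen the hole.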
