Integration Opvius AI for WooCommerce Path Traversal Vulnerability Allowing Unauthenticated Arbitrary File Deletion or Reading

Vulnerability

A path traversal vulnerability has been identified in the Integration Opvius AI for WooCommerce plugin for WordPress, affecting all versions through 1.3.0. The vulnerability arises in the 'process_table_bulk_actions()' function, which handles user-supplied file paths without proper authentication, nonce verification, or path validation. This oversight enables unauthenticated attackers to delete or download arbitrary files from the server using the 'wsaw-log[]' POST parameter. Exploitation could lead to the deletion of critical files such as 'wp-config.php' or the unauthorized reading of sensitive configuration files.

Impact

Exploitation of this vulnerability could result in the unauthorized deletion of important files or the exposure of sensitive information from configuration files.

Reproduction

To reproduce this vulnerability, send a POST request to the WordPress site with the 'wsaw-log[]' parameter containing the path of the file to be deleted or downloaded. The 'process_table_bulk_actions()' function will process the request without authentication or validation, allowing for arbitrary file manipulation.
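The three controls the description lists as missing (authentication, nonce verification, path validation) can be seen together in the following sketch. It is an added example, not the plugin's code or the vendor's fix; the `wsaw_example_*` function names, the `manage_woocommerce` capability choice, the `wsaw_bulk_logs` nonce action and the `wsaw-logs` directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler, not the plugin's own code.
// Assumed: capability, nonce action name and log directory are placeholders.

function wsaw_example_log_dir() {
    $uploads = wp_upload_dir();
    return trailingslashit( $uploads['basedir'] ) . 'wsaw-logs'; // assumed location
}

// Resolve a user-supplied name to a real log file inside $base_dir, or return false.
function wsaw_example_resolve_log( $base_dir, $name ) {
    $base = realpath( $base_dir );
    if ( false === $base || ! is_string( $name ) ) {
        return false;
    }
    // basename() drops directory components; realpath() resolves symlinks and "..".
    $real = realpath( $base . DIRECTORY_SEPARATOR . basename( $name ) );
    if ( false === $real || ! is_file( $real ) ) {
        return false;
    }
    // Containment check on the canonical path. The trailing separator stops
    // a sibling such as "/logs-other" from passing as a child of "/logs".
    if ( 0 !== strpos( $real, $base . DIRECTORY_SEPARATOR ) ) {
        return false;
    }
    // Only log files are ever eligible for deletion or download.
    return ( 'log' === strtolower( pathinfo( $real, PATHINFO_EXTENSION ) ) ) ? $real : false;
}

function wsaw_example_process_table_bulk_actions() {
    if ( empty( $_POST['wsaw-log'] ) || ! is_array( $_POST['wsaw-log'] ) ) {
        return;
    }
    // 1. Authentication and authorization: logged-in user with the right capability.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // 2. Nonce verification (CSRF protection); terminates the request on failure.
    check_admin_referer( 'wsaw_bulk_logs' );
    // 3. Path validation for every submitted entry before touching the file system.
    foreach ( wp_unslash( $_POST['wsaw-log'] ) as $name ) {
        $path = wsaw_example_resolve_log( wsaw_example_log_dir(), $name );
        if ( false !== $path ) {
            wp_delete_file( $path );
        }
    }
}
```

The order matters: the capability and nonce checks run before any submitted value is used, and the containment check is applied to the canonical path returned by `realpath()`, not to the raw input string.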

Added: Jan 14, 2026, 6:52 AM
Updated: Jan 14, 2026, 6:52 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.7
exploitability: 8.4
remediation: 0.0
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.