News and Blog Designer Bundle WordPress Plugin Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the News and Blog Designer Bundle plugin for WordPress, affecting all versions through 1.1. The vulnerability arises from the template parameter, which allows unauthenticated attackers to include and execute arbitrary PHP files on the server. Exploitation can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

Impact

Exploitation of this vulnerability could lead to unauthorized inclusion and execution of PHP files on the server, potentially allowing attackers to execute arbitrary PHP code, bypass access controls, or access sensitive information.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the template parameter set to a value that includes a path to a PHP file on the server. The request can be made via AJAX to the 'wp_ajax_nbdb_fetch_more_post' action. The included PHP file will be executed on the server, allowing for code execution or access to sensitive data, depending on the contents of the file.
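A detection check for the request described above, as an added example (not code from the plugin or from this advisory): it flags admin-ajax requests for this action whose template value is anything other than a bare name. The safe-name pattern, the tag names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# WordPress maps a request with action=X to the hook wp_ajax_X, so the
# hook named in the advisory corresponds to this request parameter value.
ACTION = "nbdb_fetch_more_post"
# Assumption: a legitimate template value is a short bare name.
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# (tag, predicate) pairs, evaluated in order on the decoded value.
CHECKS = [
    ("traversal", lambda v: ".." in v),
    ("path-separator", lambda v: "/" in v or "\\" in v),
    ("null-byte", lambda v: "\x00" in v),
    ("stream-wrapper", lambda v: "://" in v),
]

def request_params(url, body=""):
    """Merge query-string and form-encoded body parameters (decoded once)."""
    merged = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        merged.setdefault(key, []).extend(values)
    return merged

def check_request(url, body=""):
    """Return tags describing why the request is suspicious, or []."""
    params = request_params(url, body)
    if ACTION not in params.get("action", []):
        return []
    tags = []
    for value in params.get("template", []):
        if SAFE_TEMPLATE.fullmatch(value):
            continue
        hits = [tag for tag, test in CHECKS if test(value)]
        # Anything outside the allowlist is reported, even if no specific
        # pattern matched (for example a double-encoded value).
        tags.extend(hits or ["unexpected-characters"])
    return tags

# Constructed sample requests: (URL, form-encoded body).
SAMPLES = [
    ("/wp-admin/admin-ajax.php?action=nbdb_fetch_more_post&template=grid", ""),
    ("/wp-admin/admin-ajax.php", "action=nbdb_fetch_more_post&template=..%2F..%2Fuploads%2Fnote"),
    ("/wp-admin/admin-ajax.php", "action=nbdb_fetch_more_post&template=%252e%252e%252fx"),
    ("/wp-admin/admin-ajax.php?action=heartbeat&template=..%2Fx", ""),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(check_request(url, body), url, body)
```

The same allowlist comparison can back a WAF rule or a log review; because the template value may arrive in a POST body, access logs that record only the URL will not show it.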

Added: Jan 14, 2026, 6:51 AM
Updated: Jan 14, 2026, 6:51 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.8
remediation: 0.0
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.