SportsPress WordPress Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the SportsPress plugin for WordPress, affecting all versions through 2.7.26. The vulnerability arises from the 'template_name' attribute in shortcodes, which allows authenticated attackers with contributor-level permissions or higher to include and execute arbitrary files on the server. Exploitation could be used to bypass access controls, access sensitive data, or execute PHP code from uploaded files.
Impact
Exploitation of this vulnerability could lead to unauthorized file inclusion, allowing execution of arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, especially in cases where uploaded files can be included as PHP scripts.
Reproduction
To reproduce this vulnerability, an authenticated user with contributor-level or higher permissions can use a shortcode that includes the 'template_name' attribute. The attribute can be crafted to include a file from the server, exploiting the local file inclusion vulnerability.
Remediation
No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
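While the plugin remains installed, stored content can be audited for shortcodes that set the 'template_name' attribute described above. The following Python script is an added example, not part of the original advisory or the SportsPress code; it assumes post rows exported from the WordPress database as dicts with the hypothetical keys `id`, `author_role` and `content`, and the `example_list` tag and all sample values are constructed.

```python
import html
import re

# Opening shortcode tag such as [tag a="1" b='2']; closing tags like [/tag] are skipped.
SHORTCODE = re.compile(r"\[(?!/)([A-Za-z0-9_-]+)([^\[\]]*)\]")
# template_name with a double-quoted, single-quoted or bare value.
ATTR = re.compile(
    r"""(?<![\w-])template_name\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.I
)
# A plain template name: letters, digits, underscore and hyphen only.
PLAIN_NAME = re.compile(r"[A-Za-z0-9_-]*")


def audit_posts(posts):
    """Return one finding per shortcode that sets template_name."""
    findings = []
    for post in posts:
        # Stored content may carry entity-encoded quotes (&quot;).
        text = html.unescape(post["content"])
        for sc in SHORTCODE.finditer(text):
            attr = ATTR.search(sc.group(2))
            if attr is None:
                continue
            value = next(g for g in attr.groups() if g is not None)
            findings.append({
                "post_id": post["id"],
                "author_role": post["author_role"],
                "shortcode": sc.group(1),
                "template_name": value,
                # Anything beyond a plain name (separators, dots, colons) is escalated.
                "severity": "review" if PLAIN_NAME.fullmatch(value) else "high",
            })
    return findings


# Constructed sample rows; "example_list" is a placeholder, not a real SportsPress shortcode.
SAMPLE_POSTS = [
    {"id": 101, "author_role": "contributor",
     "content": 'Fixtures: [example_list id="12" template_name="../../example-file"]'},
    {"id": 102, "author_role": "editor",
     "content": '[example_list id="12" columns="name,team"]'},
    {"id": 103, "author_role": "author",
     "content": "[example_list template_name='list'] [/example_list]"},
    {"id": 104, "author_role": "contributor",
     "content": "[example_list template_name=&quot;C:\\example\\file&quot;]"},
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Findings marked "review" carry a plain name and still merit a check of who set the attribute and why.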
