Code Explorer WordPress Plugin Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in the Code Explorer plugin for WordPress, affecting all versions through 1.4.6. It allows authenticated attackers with Administrator-level access to read arbitrary files on the server, potentially exposing sensitive information. The issue lies in the handling of the 'file' parameter: the value is not properly validated, so traversal sequences in it can reach files outside the intended directory.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, which may include configuration files, user data, or other critical information.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator privileges can send a request to the WordPress site with the 'file' parameter set to a path that includes traversal sequences. The request can be made through the WordPress admin interface or via a direct HTTP request. Once the request is processed, the contents of the specified file will be returned, bypassing normal file access restrictions.

Remediation

No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
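
One way to look for this in web server access logs while the plugin is still installed, as an added example that is not part of the advisory or the plugin's code: it flags requests whose 'file' query parameter decodes to a path with '..' segments or, going slightly beyond the advisory, an absolute path. The log lines, the /wp-admin/admin.php URL and the file names are constructed assumptions, and values sent in POST bodies do not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format); URL path and file names are assumptions.
SAMPLE_LOG = """\
203.0.113.5 - admin [04/Feb/2026:09:30:01 +0000] "GET /wp-admin/admin.php?file=themes/style.css HTTP/1.1" 200 512
203.0.113.5 - admin [04/Feb/2026:09:30:09 +0000] "GET /wp-admin/admin.php?file=../../example.conf HTTP/1.1" 200 3120
198.51.100.7 - admin [04/Feb/2026:09:31:44 +0000] "GET /wp-admin/admin.php?file=%252e%252e%252fexample.conf HTTP/1.1" 200 3120
198.51.100.7 - admin [04/Feb/2026:09:32:10 +0000] "GET /wp-admin/admin.php?file=..%5C..%5Cexample.conf HTTP/1.1" 200 3120
192.0.2.9 - admin [04/Feb/2026:09:33:00 +0000] "GET /wp-admin/admin.php?file=notes..txt HTTP/1.1" 200 100
"""

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value has a '..' path segment or is an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_suspicious(log_text, param="file"):
    """Return (client, decoded value, status) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qsl decodes once; fully_decode handles further encoding layers
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == param and is_traversal(value):
                decoded = fully_decode(value).replace("\\", "/")
                hits.append((client, decoded, int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the case to review first, since it suggests the file contents were returned.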

Added: Feb 4, 2026, 9:26 AM
Updated: Feb 4, 2026, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.8
exploitability: 6.0
remediation: 0.0
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.