WordPress Event Manager Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress, affecting all versions through 4.0.24. The vulnerability arises from the 'style' parameter, which allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server. Successful exploitation can bypass access controls, expose sensitive data, or achieve code execution in cases where otherwise 'safe' file types such as images can be uploaded and then included.
Impact
Exploitation of this vulnerability could lead to unauthorized file inclusion, allowing execution of arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, especially in scenarios where 'safe' file types can be uploaded and included.
Reproduction
To reproduce this vulnerability, an authenticated user with Contributor-level access or higher manipulates the 'style' parameter in a request to the affected WordPress site so that it points at a file containing PHP code, such as one previously uploaded as a 'safe' file type; the server then includes and executes that file.
Remediation
Users are advised to update the Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin to version 4.0.25 or later.
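Until the update is applied, a site operator can check whether the 'style' parameter described above is being probed. The following triage script is an added example, not code from the advisory or the plugin: it parses combined-format access logs, URL-decodes each 'style' value (including double encoding) and flags generic local-file-inclusion indicators. The log lines are constructed samples and the request path is a placeholder, since the advisory does not name the affected endpoint.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined access-log format: client, ident, user, [timestamp], "METHOD path HTTP/x", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Generic local-file-inclusion indicators for a template/style selector; any hit merits review.
INDICATORS = {
    "traversal": re.compile(r"\.\.[/\\]"),
    "absolute_path": re.compile(r"^(/|[A-Za-z]:\\)"),
    "stream_wrapper": re.compile(r"^(php|phar|data|file|expect|zip)://", re.I),
    "null_byte": re.compile("\x00"),
    "uploads_dir": re.compile(r"wp-content/uploads", re.I),
}


def classify_style(value: str) -> list[str]:
    """Names of indicators matched by one already-decoded 'style' value.

    The extra unquote() catches double URL-encoding (%252e -> %2e -> '.').
    """
    decoded = unquote(value)
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]


def triage(log_lines: list[str]) -> list[dict]:
    """One finding per request whose 'style' query value looks like a file-inclusion attempt."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable or truncated entry: skip rather than crash
        query = parse_qs(urlsplit(m["path"]).query, keep_blank_values=True)
        for value in query.get("style", []):
            hits = classify_style(value)
            if hits:
                findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                                 "style": value, "indicators": hits})
    return findings


# Constructed sample log lines (not real traffic); "/" stands in for the plugin's endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/May/2024:10:00:01 +0000] "GET /?style=default HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/May/2024:10:00:02 +0000] "GET /?style=../../../../etc/passwd HTTP/1.1" 200 1840',
    '203.0.113.7 - - [12/May/2024:10:00:03 +0000] "GET /?style=%252e%252e%2fwp-config.php HTTP/1.1" 200 2900',
    '203.0.113.9 - - [12/May/2024:10:00:04 +0000] "GET /?style=/var/www/html/wp-content/uploads/2024/05/avatar.png HTTP/1.1" 200 7021',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} style={f['style']!r} -> {', '.join(f['indicators'])}")
```

A 200 status on a flagged request is the case to escalate, since it means the include may have succeeded rather than been rejected.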