Capturly WordPress Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Capturly WordPress plugin, affecting versions through 2.0.1. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files from the target website. Such inclusion could potentially expose sensitive information, such as database credentials, leading to a complete takeover of the database, depending on the site's configuration.
Impact
Exploitation of this vulnerability could allow a malicious actor to include and execute local files on the server, with the potential to access sensitive information such as database credentials. In some cases, this could lead to a complete takeover of the database.
Remediation
Users are advised to update to a version of the Capturly WordPress plugin that is not vulnerable to this issue. However, as of now, no official fix is available. Patchstack has issued a virtual patch that can be applied to mitigate the vulnerability until an official update is released.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.