MojoJoomla WPAMS Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the MojoJoomla WPAMS WordPress plugin, affecting versions through 44.0. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files on the server. Such inclusion could be exploited to escalate privileges, as the vulnerability could potentially be used to access files that contain sensitive information, like database credentials, leading to a complete takeover of the database, depending on the configuration.
Impact
Exploitation of this vulnerability could allow unauthorized users to include local files from the server, with the possibility of accessing sensitive information such as database credentials. This could lead to a complete takeover of the database, depending on the site's configuration.
Remediation
Users of the MojoJoomla WPAMS WordPress plugin are advised to update to the latest version or apply the virtual patch available through Patchstack, which blocks attacks targeting this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.