Indie Plugins WhatsApp Click to Chat WordPress Plugin Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the WhatsApp Click to Chat Plugin for WordPress, affecting versions through 2.2.12. This vulnerability arises from improper control of filenames in include or require statements, allowing potential inclusion of local files from the server.

Impact

Exploitation of this vulnerability could lead to local file inclusion, allowing attackers to include and execute files from the server. This could be used to access sensitive information, such as database credentials, and potentially compromise the entire database, depending on the site's configuration.

Remediation

Users are advised to update to a version of the WhatsApp Click to Chat Plugin for WordPress later than 2.2.12. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate the vulnerability until an official update is available.