WebGeniusLab Seofy Core Path Traversal Vulnerability Leading to Local File Inclusion
Vulnerability
A path traversal vulnerability allowing PHP local file inclusion has been identified in the WebGeniusLab Seofy Core plugin for WordPress, affecting versions through 1.4.5. This vulnerability arises from improper restrictions on pathname navigation, which could be exploited to include and execute local files on the server.
Impact
Exploitation of this vulnerability could lead to local file inclusion, allowing attackers to include and execute files from the server. This could potentially be used to access sensitive information, such as database credentials, and could result in a complete takeover of the database, depending on the server's configuration.
Remediation
Users are advised to update to a version of the Seofy Core plugin for WordPress that is later than 1.4.5. For those using Patchstack, a virtual patch is available to mitigate this vulnerability until an official fix can be applied.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.