TicketBAI Facturas para WooCommerce Unauthenticated Arbitrary File Deletion Vulnerability
Vulnerability
A vulnerability allowing unauthenticated arbitrary file deletion has been identified in the TicketBAI Facturas para WooCommerce plugin for WordPress, affecting all versions through 3.18. The issue arises from inadequate validation of file paths in the 'delpdf' action, enabling attackers to delete arbitrary files on the server. This could lead to remote code execution if a critical file, such as wp-config.php, is removed.
Impact
Exploitation of this vulnerability could result in unauthorized deletion of files on the server, potentially leading to remote code execution if a sensitive file is deleted.
Reproduction
The vulnerability can be reproduced by sending a POST request to the WordPress site with the 'delpdf' action, along with the 'basepdf' parameter specifying the path of the file to be deleted. The request must include a valid nonce for authentication.
Remediation
Users are advised to update the TicketBAI Facturas para WooCommerce plugin to version 3.19 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.