eMagicOne Store Manager for WooCommerce Unauthenticated Arbitrary File Deletion Vulnerability

A vulnerability allowing unauthenticated arbitrary file deletion has been identified in the eMagicOne Store Manager for WooCommerce WordPress plugin, affecting all versions through 1.2.5. The issue arises from inadequate file path validation in the delete_file() function, which enables attackers to delete arbitrary files on the server. This vulnerability could lead to remote code execution if a critical file, such as wp-config.php, is deleted. The exploitation is possible in default configurations where the default password is not changed, or if the attacker obtains the credentials.

Impact

Exploitation of this vulnerability allows for unauthenticated users to delete arbitrary files on the server, potentially leading to remote code execution if a sensitive file is removed.

Reproduction

To reproduce this vulnerability, send a POST request to the '?connector=bridge' endpoint with the default hashed credentials (login=1, password=1) and the 'delete_file' task. Include the path of the file to be deleted in the request. The response will confirm the successful deletion of the file.

Remediation

Users are advised to update to version 1.3.0 or later, where this vulnerability has been patched.