WordPress Ads Pro Plugin Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the WordPress Ads Pro Plugin, specifically in versions through 4.88. This issue arises from improper control of filenames in include or require statements, allowing for PHP remote file inclusion. Exploitation of this vulnerability could enable a malicious actor to include local files from the target website and display their contents, potentially leading to a complete database takeover if sensitive information such as database credentials is accessed.

Impact

Exploitation of this vulnerability could allow for local file inclusion, with the risk of accessing sensitive files that could lead to a database takeover, depending on the site's configuration.

Remediation

Users of the WordPress Ads Pro Plugin are advised to update to a version later than 4.88. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate the vulnerability until an official update is available.