WordPress Meta Keywords & Description Plugin Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the WordPress Meta Keywords & Description plugin, specifically in versions through 0.8. This vulnerability arises from improper control of filenames in include or require statements, allowing PHP remote file inclusion. Exploitation of this issue could enable a malicious actor to include local files from the target website and display their contents, potentially leading to a complete database takeover if sensitive information such as database credentials is accessed.

Impact

Exploitation of this vulnerability could allow for local file inclusion, enabling the inclusion of local files from the server and displaying their contents. This could be particularly dangerous if files containing sensitive information, like database credentials, are accessed, as it could lead to a complete takeover of the database, depending on the configuration.

Remediation

Users are advised to update to a version of the WordPress Meta Keywords & Description plugin that is later than 0.8. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate the vulnerability until an official update is available.