Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Solwin Blog Designer PRO Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Solwin Blog Designer PRO plugin for WordPress, affecting versions through 3.4.7. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files from the target website. Such exploitation could potentially lead to the disclosure of sensitive information, like database credentials, and depending on the site's configuration, could allow for a complete takeover of the database.

Impact

Exploitation of this vulnerability could allow an attacker to include local files from the affected website, potentially leading to the disclosure of sensitive information such as database credentials. In some cases, this could result in a complete takeover of the database, depending on the site's configuration.

Remediation

Users are advised to update the Solwin Blog Designer PRO plugin to a version later than 3.4.7. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate the vulnerability until an official update is available.
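A version check for the remediation above, as an added example (not vendor or Patchstack code): it reads the Version header from the plugin's main PHP file and compares it field by field with 3.4.7, so that 3.4.10 is not misread as older. The path to that file is an argument you supply, because the advisory does not give the plugin's directory name.

```shell
#!/bin/sh
# Added example, not vendor or Patchstack code.
LAST_AFFECTED="3.4.7"   # advisory: "affecting versions through 3.4.7"

# Print the Version header of a WordPress plugin's main PHP file.
# WordPress reads plugin headers from the first 8 KiB of the file only.
plugin_version() {
    head -c 8192 "$1" 2>/dev/null | tr -d '\r' |
        sed -n 's|^[[:space:]*#@/]*Version:[[:space:]]*\([^[:space:]]*\).*$|\1|p' |
        head -n 1
}

# Return 0 if version $1 <= version $2, comparing dot-separated fields as numbers.
version_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-beta"
        x=${x:-0}; y=${y:-0}               # a missing field counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# 0 = affected (version <= LAST_AFFECTED), 1 = newer, 2 = no Version header.
# A missing header gets its own code so it is never reported as "patched".
is_affected() {
    v=$(plugin_version "$1")
    [ -n "$v" ] || return 2
    version_le "$v" "$LAST_AFFECTED"
}

# Usage: sh check.sh /path/to/plugin-main-file.php   (path is the caller's assumption)
if [ "$#" -gt 0 ]; then
    rc=0; is_affected "$1" || rc=$?
    case $rc in
        0) echo "AFFECTED: version $(plugin_version "$1") <= $LAST_AFFECTED" ;;
        1) echo "not affected: version $(plugin_version "$1")" ;;
        *) echo "no Version header found in $1" ;;
    esac
    exit "$rc"
fi
```

The file's header only shows what is installed on disk; a site protected by a virtual patch will still report an affected version until the plugin itself is updated.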

Added: Aug 31, 2025, 4:17 AM
Updated: Aug 31, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.4
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.