UiCore Elements WordPress Plugin Arbitrary File Read Vulnerability

Vulnerability

A vulnerability allowing arbitrary file read has been identified in the UiCore Elements WordPress plugin, specifically in versions through 1.3.0. The issue arises in the prepare_template() function, where a lack of proper capability checks and inadequate controls on the specified filename allow unauthenticated attackers to read arbitrary files on the server. This could lead to the exposure of sensitive information.
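The two controls named above (a capability check and a constraint on the filename) are shown here in a hypothetical REST handler. This is an added example, not UiCore Elements' code or its 1.3.1 patch. The `example/v1/template` route, the `edit_posts` capability, the `templates` directory, the JSON file type and the function names are all assumptions.

```php
<?php
// Added illustration: hypothetical plugin code, not UiCore Elements' source.
// The route, the templates directory and all function names are assumptions.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/template', array(
        'methods'             => 'POST',
        'callback'            => 'example_prepare_template',
        // Control 1: capability check. Callers without it are rejected
        // before the callback runs.
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
        'args'                => array(
            'filename' => array(
                'required'          => true,
                'type'              => 'string',
                // Control 2a: allow-list a bare file name; no path separators,
                // no leading dot, fixed extension.
                'validate_callback' => function ( $value ) {
                    return is_string( $value )
                        && 1 === preg_match( '/\A[a-z0-9_-]{1,64}\.json\z/', $value );
                },
            ),
        ),
    ) );
} );

function example_prepare_template( WP_REST_Request $request ) {
    $base = realpath( plugin_dir_path( __FILE__ ) . 'templates' );
    if ( false === $base ) {
        return new WP_Error( 'example_no_dir', 'Template directory missing.', array( 'status' => 500 ) );
    }
    // Control 2b: resolve symlinks and "..", then confirm containment in $base.
    $path = realpath( $base . DIRECTORY_SEPARATOR . $request->get_param( 'filename' ) );
    if ( false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        return new WP_Error( 'example_not_found', 'Template not found.', array( 'status' => 404 ) );
    }
    $data = json_decode( file_get_contents( $path ), true );
    if ( null === $data ) {
        return new WP_Error( 'example_bad_template', 'Template is not valid JSON.', array( 'status' => 500 ) );
    }
    return rest_ensure_response( $data );
}
```

The name allow-list and the `realpath()` containment test are deliberately redundant: the second still holds if the pattern is later loosened or a symlink is placed inside the template directory.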

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files on the server, potentially leading to further attacks or data breaches.

Reproduction

The vulnerability can be reproduced by sending a POST request to the WordPress REST API endpoint associated with the UiCore Elements plugin, specifically targeting the prepare_template() function. The request must include a filename parameter specifying the path of the file to be read. Since the vulnerability does not require authentication, it can be exploited by anyone.

Remediation

Users are advised to update the UiCore Elements WordPress plugin to version 1.3.1 or later, where this vulnerability has been patched.

Added: Aug 12, 2025, 6:18 AM
Updated: Aug 12, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.