Game Users Share Buttons WordPress Plugin Arbitrary File Deletion Vulnerability

Vulnerability

A vulnerability allowing arbitrary file deletion has been identified in the Game Users Share Buttons plugin for WordPress, affecting all versions through 1.3.0. The issue arises from inadequate file path validation in the ajaxDeleteTheme() function, which enables Subscriber-level attackers to manipulate the themeNameId parameter in AJAX requests. This manipulation can lead to the deletion of critical files, such as wp-config.php, potentially allowing for remote code execution.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files on the server, including sensitive files like wp-config.php. Such actions could lead to remote code execution, allowing an attacker to execute arbitrary code on the server.

Reproduction

To reproduce this vulnerability, a Subscriber-level user can send an AJAX request to the 'wp_ajax_game_users_share_buttons_ajax_delete_theme' action. The request must include a crafted themeNameId parameter that specifies a file path targeting a sensitive file, such as wp-config.php. The insufficient validation in the ajaxDeleteTheme() function will allow the deletion of the specified file.
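For contrast, this is the shape a hardened version of such an AJAX delete handler should take: a capability check (a bare wp_ajax_ hook is reachable by any logged-in user, Subscribers included), a nonce check, an opaque identifier instead of a path, and a realpath() confinement to the directory the plugin owns. It is an added illustration, not the plugin's code or a patch for it; the theme directory, the .css extension and the nonce action name are assumptions.

```php
<?php
// Added example, not the plugin's code. Assumed layout: themes are stored as
// <id>.css under wp-content/uploads/game-users-share-buttons/themes/ and the
// request carries a nonce from wp_create_nonce( 'gusb_delete_theme' ).

add_action( 'wp_ajax_game_users_share_buttons_ajax_delete_theme', 'gusb_safe_ajax_delete_theme' );

function gusb_safe_ajax_delete_theme() {
    // 1. Authorization: only administrators may delete themes. Without this,
    //    every authenticated role can reach the handler through admin-ajax.php.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 2. CSRF protection; dies on a missing or invalid nonce.
    check_ajax_referer( 'gusb_delete_theme', 'nonce' );

    // 3. Accept an opaque identifier, never a path. Separators, dots and
    //    absolute paths are rejected before any filesystem call is made.
    $id = isset( $_POST['themeNameId'] ) ? wp_unslash( $_POST['themeNameId'] ) : '';
    if ( ! is_string( $id ) || ! preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $id ) ) {
        wp_send_json_error( 'invalid theme id', 400 );
    }

    // 4. Build the path server-side and confine it to the theme directory.
    //    realpath() resolves symlinks and '..' so the prefix check is meaningful.
    $upload = wp_upload_dir();
    $base   = realpath( trailingslashit( $upload['basedir'] ) . 'game-users-share-buttons/themes' );
    $target = realpath( $base . '/' . $id . '.css' );
    if ( false === $base || false === $target
        || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'theme not found', 404 );
    }

    // 5. Delete only the confined file and report the outcome.
    wp_delete_file( $target );
    if ( file_exists( $target ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => $id ) );
}
```

The capability check alone would have blocked Subscriber-level callers; the identifier pattern and realpath() confinement are what stop the path manipulation itself, so both belong in the handler.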

Remediation

No known patch is available for this vulnerability. It is recommended to uninstall the affected plugin and consider using an alternative.

Added: Jun 28, 2025, 6:17 AM
Updated: Jun 28, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 0.2
threat: 4.9
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.