HT Contact Form Widget for Elementor and Gutenberg Directory Traversal Vulnerability Allowing Arbitrary File Moves
Vulnerability
A vulnerability exists in the HT Contact Form Widget for Elementor Page Builder and Gutenberg Blocks, affecting all versions through 2.2.1. The issue arises from inadequate validation of file paths in the handle_files_upload() function, allowing unauthenticated attackers to move arbitrary files on the server. This vulnerability could easily lead to remote code execution if a sensitive file, such as wp-config.php, is relocated.
Impact
Exploitation of this vulnerability could result in unauthorized file movements on the server, potentially leading to remote code execution, especially if a critical file is targeted.
Reproduction
The vulnerability can be reproduced by uploading a file through the contact form widget. The handle_files_upload() function will process the upload without properly validating the file path, allowing the file to be moved to an arbitrary location on the server.
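As an added illustration (not the plugin's own code; the actual handle_files_upload() implementation is not reproduced on this page), the following generic PHP handler shows the two checks a contact-form upload path needs before calling move_uploaded_file(): the source must be a genuine upload from the current request, and the destination must be confined to a fixed upload directory under a server-chosen name. The upload directory, the form field name and the extension allow-list are assumptions for the example.

```php
<?php
// Added example: a hardened upload handler for a contact form. Illustrative
// only; this is not the HT Contact Form Widget's handle_files_upload().

/**
 * Return a safe destination path inside $upload_dir for a client-supplied
 * filename, or null if the name cannot be accepted.
 *
 * $upload_dir  - absolute directory uploads are confined to (assumed)
 * $client_name - filename as sent by the browser ($_FILES[...]['name'])
 */
function safe_upload_destination(string $upload_dir, string $client_name): ?string {
    // Canonicalise the allowed directory; it must already exist.
    $base = realpath($upload_dir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // Strip every directory component the client sent ("../", absolute
    // paths, Windows-style backslashes), keeping only the final name.
    $name = basename(str_replace('\\', '/', $client_name));

    // Reject empty names, dot-files and anything outside a conservative charset.
    if ($name === '' || $name[0] === '.' || !preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        return null;
    }

    // Extension allow-list (assumed); a contact form never needs executable types.
    $allowed = ['pdf', 'png', 'jpg', 'jpeg', 'txt'];
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }

    // The server picks the final name, so the client never controls the path.
    $dest = $base . DIRECTORY_SEPARATOR . bin2hex(random_bytes(8)) . '.' . $ext;

    // Defence in depth: the directory part of the result must still be $base.
    if (dirname($dest) !== $base) {
        return null;
    }
    return $dest;
}

/**
 * Move one $_FILES entry into the upload directory. Returns the stored path,
 * or null if the request did not carry an acceptable upload.
 */
function handle_single_upload(array $file, string $upload_dir): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // is_uploaded_file() guarantees the source path was created by PHP for
    // this request's upload, so no other file on the server can be moved.
    if (!isset($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $dest = safe_upload_destination($upload_dir, (string) ($file['name'] ?? ''));
    if ($dest === null) {
        return null;
    }
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Usage inside the form's request handler (field name 'attachment' is assumed):
// $saved = handle_single_upload($_FILES['attachment'] ?? [], WP_CONTENT_DIR . '/uploads/contact-form');
```

The important design choice is that neither the source nor the destination of the move is derived from request data: is_uploaded_file() pins the source to PHP's own temporary upload, and the destination is built from a canonicalised base directory plus a random server-generated name, with the client's filename used only to derive an allow-listed extension.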
Remediation
Users are advised to update the HT Contact Form Widget to version 2.2.2 or later.
