Wptobe Memberships WordPress Plugin Arbitrary File Deletion Vulnerability

A vulnerability allowing arbitrary file deletion has been identified in the Wptobe Memberships plugin for WordPress, affecting all versions through 3.4.2. The issue arises from inadequate file path validation in the del_img_ajax_call() function. This vulnerability enables authenticated attackers with Subscriber-level access or higher to delete arbitrary files from the server. Such file deletions could lead to remote code execution, particularly if critical files like wp-config.php are removed.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files on the server, potentially leading to remote code execution if a sensitive file is deleted.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the del_img_ajax_call() function via AJAX. The request must include the path of the file to be deleted, bypassing the insufficient validation of file paths. Once the request is processed, the specified file will be deleted from the server.

Remediation

No known patch is available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.