WordPress Helpdesk Integration Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the WordPress Helpdesk Integration plugin, affecting all versions through 5.8.10. The issue arises in the 'portal_type' parameter, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server. This vulnerability could be exploited to bypass access controls, access sensitive information, or execute code in scenarios where PHP files can be uploaded and included.
Impact
Exploitation of this vulnerability could lead to unauthorized access and execution of PHP code on the server, potentially allowing attackers to bypass access controls, access sensitive data, or execute malicious code.
Reproduction
To reproduce this vulnerability, send a request to the WordPress site with the 'portal_type' parameter set to a value that references a PHP file. The parameter can be supplied through a crafted URL or a form submission, and the server then processes the included file.
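A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code: it scans web-server access logs for 'portal_type' values that fail an allowlist, decoding repeated percent-encoding first. The combined log format, the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate portal_type values are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /?portal_type=tickets HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /?portal_type=uploads%2Fnote.php HTTP/1.1" 200 91',
    '203.0.113.9 - - [01/Jan/2025:10:00:07 +0000] "GET /?portal_type=uploads%252Fnote HTTP/1.1" 200 91',
    '198.51.100.2 - - [01/Jan/2025:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1024',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252F -> %2F -> /)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_portal_type(line):
    """Return the decoded portal_type value if it fails the allowlist, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == "portal_type":
            value = fully_decode(value)
            if not SAFE_VALUE.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_portal_type(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} portal_type={value!r}")
```

Access logs normally record only the query string, so values sent in a form body need the same allowlist check applied where request bodies are visible, such as a web application firewall.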
