WordPress Administrative Shortcodes Plugin Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Administrative Shortcodes plugin for WordPress, affecting all versions up to and including 0.3.4. The plugin does not adequately validate the path in the user-supplied 'slug' attribute of the 'get_template' shortcode before passing it to the get_template_part() function. As a result, authenticated attackers with Contributor-level access or above can include and execute arbitrary files on the server. Any PHP code in an included file is executed, which can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where 'safe' file types such as images can be uploaded and then included.
Impact
Successful exploitation allows for local file inclusion, enabling the execution of arbitrary PHP code from the included files on the server.
Reproduction
To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can use the 'get_template' shortcode with a crafted 'slug' attribute that points to a file on the server. The insufficient validation will allow the inclusion of the specified file, which can then be executed, potentially leading to code execution or access to sensitive data.
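A defender-side check for the condition described above, as an added example that is not part of the original advisory or the plugin's code: it scans post content for 'get_template' shortcodes and reports 'slug' values that are not plain theme-relative template names. The slug policy, the post-row layout and the sample rows are assumptions constructed for illustration.

```python
import html
import re

# Matches [get_template ...] and captures the raw attribute string.
SHORTCODE_RE = re.compile(r"\[get_template(?=[\s\]])([^\]]*)\]")
# WordPress-style attributes: name="v", name='v' or name=v.
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Assumed policy: a slug is a theme-relative template name such as
# "template-parts/content"; no dots, backslashes, leading slash or schemes.
SAFE_SLUG_RE = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*")


def find_slugs(content):
    """Yield the slug attribute of every get_template shortcode in content."""
    for match in SHORTCODE_RE.finditer(content):
        for name, dq, sq, bare in ATTR_RE.findall(match.group(1)):
            if name.lower() == "slug":
                # Decode HTML entities so an encoded separator is still seen.
                yield html.unescape(dq or sq or bare)


def audit_posts(posts):
    """Return (post_id, author_role, slug) for each slug outside the policy."""
    findings = []
    for post in posts:
        for slug in find_slugs(post["content"]):
            if not SAFE_SLUG_RE.fullmatch(slug):
                findings.append((post["id"], post["author_role"], slug))
    return findings


# Constructed sample rows, shaped like an export of post content joined to
# the author's role; IDs, roles and content are made up for this example.
SAMPLE_POSTS = [
    {"id": 101, "author_role": "editor",
     "content": 'Intro [get_template slug="template-parts/content"] outro'},
    {"id": 102, "author_role": "contributor",
     "content": "[get_template slug='../../example-dir/example-file']"},
    {"id": 103, "author_role": "contributor",
     "content": "[get_template slug=/absolute/example-path]"},
    {"id": 104, "author_role": "author",
     "content": "No matching shortcode here, just [gallery ids=1,2]"},
]

if __name__ == "__main__":
    for post_id, role, slug in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id} ({role}): suspicious slug {slug!r}")
```

Findings on posts written by Contributor-level accounts are the ones to review first, since that is the lowest role the advisory names.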
