Livemesh Addons for Elementor Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Livemesh Addons for Elementor plugin for WordPress, affecting all versions through 9.0. The issue arises from inadequate sanitization of the template name parameter in the 'lae_get_template_part()' function. This vulnerability allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server. Exploitation requires tricking an administrator into taking an action or installing Elementor.

Impact

Exploitation of this vulnerability could lead to unauthorized inclusion and execution of local files on the server, potentially allowing for further exploitation or access escalation.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can manipulate the widget's template parameter to include a file from the server. This is done by using recursive directory traversal patterns to bypass the plugin's basic sanitization, exploiting the 'lae_get_template_part()' function.
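The failure mode described above, as an added example that is not the plugin's code: a single-pass strip of traversal sequences leaves a traversal behind when the sequences are nested, whereas an allowlist on the template name plus a canonical-path containment check rejects it. The function names `weak_sanitize` and `resolve_template`, the directory layout and the sample inputs are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration; names and paths are hypothetical, not taken from the plugin.

// Weak: one pass of str_replace. Stripping "../" once from a nested
// sequence such as "....//" leaves a fresh "../" in the result.
function weak_sanitize(string $name): string {
    return str_replace('../', '', $name);
}

// Hardened: allowlist the shape of the name, then confirm the canonical
// path of the resolved file still sits inside the canonical base directory.
function resolve_template(string $baseDir, string $name): ?string {
    // Segments of lowercase letters, digits, '-' and '_' separated by single '/'.
    if (!preg_match('#^[a-z0-9_-]+(/[a-z0-9_-]+)*$#', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null; // missing base directory or template file
    }
    // Containment check on canonical paths (symlinks and ".." already resolved).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
mkdir($root . '/templates/grid', 0700, true);
file_put_contents($root . '/templates/grid/card.php', '<?php // template');
file_put_contents($root . '/outside.php', '<?php // not a template');

// Constructed inputs: one legitimate name and four that must be rejected.
$inputs = ['grid/card', '../outside', '....//outside', 'grid/../../outside', 'grid/card.php'];
foreach ($inputs as $in) {
    $hardened = resolve_template($root . '/templates', $in) === null ? 'rejected' : 'accepted';
    printf("%-20s weak=%-14s hardened=%s\n", $in, weak_sanitize($in), $hardened);
}

// Remove the constructed files.
unlink($root . '/templates/grid/card.php');
unlink($root . '/outside.php');
rmdir($root . '/templates/grid'); rmdir($root . '/templates'); rmdir($root);
```

For the nested input the weak function returns `../outside`, which is why filtering of this kind needs to be replaced by validation and a containment check rather than repeated or extended.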

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Apr 16, 2026, 8:13 AM
Updated: Apr 16, 2026, 8:13 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 7.5
exploitability: 6.4
remediation: 0.0
relevance: 6.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.