Recover Exit For WooCommerce Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Recover Exit For WooCommerce plugin for WordPress, affecting all versions up to and including 1.0.3. The issue arises from inadequate validation and sanitization of the user-controlled 'tpf' POST parameter, which is used directly to build an include() path inside the 'recover_exit()' function. Because the parameter is not checked against the set of templates the plugin actually ships, an unauthenticated attacker can perform path traversal and include unintended local PHP files, potentially leading to exposure of sensitive information and, in some cases, code execution.
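The root cause described above is an include() whose path is derived from the raw request parameter. The following is an added example (not the plugin's own code) of how such a template selector is normally hardened: the parameter is mapped through an allowlist to a fixed filename, and the resolved path is confirmed to stay inside the templates directory. The function names, the 'templates' directory and the template identifiers are assumptions made for the illustration; 'tpf' and 'recover_exit' are taken from the advisory.

```php
<?php
// Added example, not code from the Recover Exit For WooCommerce plugin.
// Resolves a request parameter to a template file without ever using the
// raw parameter as part of an include() path.

function recover_exit_resolve_template( string $requested ): ?string {
    // Allowlist of template identifiers -> filenames (assumed for the example).
    $templates = array(
        'default' => 'default.php',
        'modal'   => 'modal.php',
    );

    // Anything not in the allowlist is rejected. Sequences such as "../"
    // can never reach the filesystem because the lookup key is only used
    // as an array index, not as a path component.
    if ( ! isset( $templates[ $requested ] ) ) {
        return null;
    }

    $base = realpath( __DIR__ . '/templates' );
    $path = realpath( $base . '/' . $templates[ $requested ] );

    // Defence in depth: the resolved file must still be inside $base
    // (guards against symlinks or a misconfigured templates directory).
    if ( false === $base || false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return null;
    }
    return $path;
}

function recover_exit() {
    // sanitize_key() reduces the value to [a-z0-9_-]; wp_unslash() removes
    // WordPress' added slashes. Both are standard WordPress helpers.
    $requested = isset( $_POST['tpf'] )
        ? sanitize_key( wp_unslash( $_POST['tpf'] ) )
        : 'default';

    $path = recover_exit_resolve_template( $requested );
    if ( null === $path ) {
        // Unknown template: fail closed instead of including anything.
        wp_send_json_error( 'invalid template', 400 );
    }
    include $path;
}
```

If the endpoint does not need to be reachable by anonymous visitors, a nonce or capability check before the include further narrows who can trigger it at all.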

Impact

Successful exploitation allows an unauthenticated attacker to include, and thereby execute, arbitrary local PHP files on the server, which can disclose sensitive information or lead to code execution depending on which files are reachable.

Reproduction

To reproduce this vulnerability, send a POST request to a site running the affected plugin with the 'tpf' parameter set to a path-traversal value that points at a local PHP file. Because the parameter reaches include() without validation, the referenced file is included, including files that contain sensitive information or executable code.

Added: Jun 9, 2026, 5:40 AM
Updated: Jun 9, 2026, 5:40 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.0
remediation: 0.0
relevance: 9.4
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.