This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Local File Inclusion (LFI) via `template` param. **Consequences**: Attackers can include arbitrary `.php` files, leading to full server compromise, data theft, and remote code execution.
Q2 Root Cause? (CWE/Flaw)
**CWE**: CWE-98 (Improper Control of Filename for Include/Require). **Flaw**: The plugin fails to sanitize the `template` parameter in `class-nbdb-ajax.php`, allowing malicious file paths.
Q3 Who is affected? (Versions/Components)
**Vendor**: vaghasia3. **Product**: News and Blog Designer Bundle. **Affected**: Versions **1.1 and earlier**. **Platform**: WordPress.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: None required (unauthenticated access). **Data**: Sensitive server files. **Action**: Execute arbitrary PHP code. **Impact**: Bypass access controls, steal data, or take over the server.
**Exploit**: **YES**. **PoC**: Publicly available on GitHub (Kai-One001). **Status**: Exploitation in the wild is possible due to the low barrier to entry.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for `News and Blog Designer Bundle` plugin. **Version**: Verify if version ≤ 1.1. **Test**: Look for LFI vectors in AJAX requests targeting the `template` parameter.
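One way to run the Q7 version check across a WordPress install, as an added example that is not part of the original analysis or the plugin's code: it reads the standard `Plugin Name:` / `Version:` header fields that WordPress plugins declare and reports copies at or below 1.1. The sample header is constructed, and because the page does not give the plugin's folder name, the match is on the product name.

```python
import re
from pathlib import Path

PLUGIN_NAME = "News and Blog Designer Bundle"  # product name from the page
LAST_AFFECTED = (1, 1)                         # page: "1.1 and earlier"

# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: News and Blog Designer Bundle
 * Version: 1.1
 */
"""

HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M
)

def parse_header(text):
    """Extract Plugin Name and Version from the first 8 KB, where WordPress looks."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'1.1.0' -> (1, 1): numeric parts, trailing zeros dropped for comparison."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """True for <= 1.1; a missing or unparseable version is also reported for review."""
    return version_tuple(version) <= LAST_AFFECTED

def find_affected(plugins_dir):
    """Return [(file, version)] for installed copies in the affected range."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = header.get("version", "")
        if is_affected(version):
            hits.append((str(php), version))
    return hits
```

Point `find_affected()` at the site's `wp-content/plugins` directory; any hit is a copy to update, disable or remove.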
**Workaround**: Disable the plugin if not used. **Block**: Restrict access to `class-nbdb-ajax.php`. **Clean**: Remove plugin files if unnecessary. **Monitor**: Watch for suspicious file inclusion logs.
Q10 Is it urgent? (Priority Suggestion)
**Priority**: **CRITICAL**. **CVSS**: 9.8 (High). **Urgency**: Patch immediately. **Risk**: Unauthenticated RCE makes this a high-priority target for attackers.