Local File Include and PHAR Deserialization in wpForo Forum Plugin for WordPress
CVE-2023-2249

8.8HIGH

Key Information:

Vendor
Wordpress
Status
WPforo Forum
Vendor
CVE Published:
9 June 2023

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

The wpForo Forum plugin for WordPress is susceptible to Local File Include, Server-Side Request Forgery, and PHAR Deserialization. This vulnerability arises from the improper use of file_get_contents, which lacks adequate data verification. As a result, authenticated attackers, even with minimal permissions like those of a subscriber, can exploit this flaw to access sensitive files such as wp-config.php. They may also conduct deserialization attacks that could allow remote code execution and make unauthorized requests to internal services.

Affected Version(s)

wpForo Forum * <= 2.1.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-2249
Created by ixiacom

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wpforo/tags/2....
https://plugins.trac.wordpress.org/browser/wpforo/tags/2....

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hamed
.