Executive Summary

This vulnerability exists in the CSV to SortTable WordPress plugin through version 4.2. It occurs because the plugin does not properly validate certain shortcode attributes before using them to generate file paths that are passed to include functions. This flaw allows any authenticated user, including those with contributor-level permissions, to perform Local File Inclusion (LFI) attacks, potentially accessing sensitive files on the server.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can allow authenticated users with low-level permissions to perform Local File Inclusion attacks. This means they could potentially read sensitive files on the server, leading to information disclosure, which could compromise the security and integrity of the website and its data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the WordPress site is running the CSV to SortTable plugin version 4.2 or earlier and if authenticated users with contributor-level permissions can use shortcodes to include arbitrary files. A practical detection method is to attempt to add a shortcode such as [csv src=/malicious.php] in a post or page and see if the file is included and executed. There are no specific network commands provided, but verifying plugin version and testing shortcode behavior in a controlled environment can help detect the vulnerability. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting contributor-level users from adding or editing shortcodes that can include files, removing or disabling the CSV to SortTable plugin if possible, and monitoring for suspicious shortcode usage. Since there is currently no known fix for this vulnerability, limiting user permissions and plugin usage is critical to reduce risk. [1]

Useful 0 Not Useful 0