Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download

By kannthu

High
Vidoc Module
#wordpress #woocommerce #lfi #wp-plugin #wp
Description

What is the "Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download" module?

The "Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download" module detects a vulnerability in the Product Input Fields for WooCommerce plugin for WordPress, version 1.2.7 and below. The vulnerability allows unauthenticated users to download sensitive files from the server.

This module has a severity level of high, indicating that it poses a significant risk to the security of the affected system.

Impact

If exploited, this vulnerability can expose sensitive information stored in the WordPress configuration file, such as the database name and password. This information can be used by attackers to gain unauthorized access to the database and potentially compromise the entire WordPress installation.

How does the module work?

The module sends an HTTP GET request to the vulnerable endpoint /wp-admin/admin-post.php?alg_wc_pif_download_file=../../../../../wp-config.php. It then checks the response body for the presence of specific keywords, such as DB_NAME and DB_PASSWORD, to determine if the configuration file has been successfully accessed.

In addition to checking the response body, the module also verifies that the HTTP status code is 200, indicating a successful request.

If both conditions are met, the module reports a vulnerability, indicating that the site is susceptible to unauthenticated file downloads.

It is important to address this vulnerability promptly by updating the Product Input Fields for WooCommerce plugin to a version that is not affected by this issue.
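
The request described above also leaves a recognizable trace in web server access logs. The following Python code is an added example, not part of the Vidoc module: it flags logged requests that pass a directory-traversal value in the alg_wc_pif_download_file parameter and notes whether the status was 200. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

PARAM = "alg_wc_pif_download_file"  # parameter from the module's request
ENDPOINT = "/wp-admin/admin-post.php"
# Assumed layout: Apache/Nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True when the requested name climbs directories or is an absolute path."""
    norm = decode_fully(value).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def scan(lines):
    """Return one finding per logged request with a traversal value in PARAM."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        url = urlsplit(m["target"]) if m else None
        if url is None or not url.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                # Status 200 is the module's second condition: file likely served.
                findings.append({"ip": m["ip"], "value": decode_fully(value),
                                 "likely_served": m["status"] == "200"})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-post.php?alg_wc_pif_download_file=../../../../../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.9 - - [10/Jan/2024:10:00:05 +0000] "GET /wp-admin/admin-post.php?alg_wc_pif_download_file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [10/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin-post.php?alg_wc_pif_download_file=logo.png HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.45 - - [10/Jan/2024:10:02:00 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```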

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-admin/admin-post...
Matching conditions
word: DB_NAME, DB_PASSWORD
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability