WordPress Wordfence 7.4.5 - Local File Inclusion

By kannthu

High
Vidoc Module
#wordpress #wp-plugin #lfi #wordfence #edb
Description

What is "WordPress Wordfence 7.4.5 - Local File Inclusion"?

The "WordPress Wordfence 7.4.5 - Local File Inclusion" module is designed to detect a vulnerability in the Wordfence plugin for WordPress. This vulnerability allows an attacker to include local files from the server, potentially leading to unauthorized access or information disclosure. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

If successfully exploited, the local file inclusion vulnerability in Wordfence 7.4.5 can allow an attacker to access sensitive files on the server. This could include files containing passwords, configuration details, or other sensitive information. The impact of this vulnerability can be significant, as it may lead to further exploitation or compromise of the affected WordPress installation.

How does the module work?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/wordfence/lib/wordfenceClass.php?file=/../../../../../../etc/passwd

The module then applies two matching conditions:

- Regex Matcher: The response is checked for the presence of the regex pattern "root:.*:0:0:". If this pattern is found, it indicates that the /etc/passwd file has been successfully included.
- Status Matcher: The response status code is checked to ensure it is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability.
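
For defenders, the request described above leaves a recognizable trace in web server access logs. The following is an added example, not part of the Vidoc module or the original page: it scans access-log lines for requests to the same endpoint whose `file` parameter contains path traversal, and goes slightly beyond the module's single request by also catching percent-encoded and double-encoded variants. It assumes Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter name come from the module's request; the rest is assumed.
PROBE_PATH = "/wp-content/plugins/wordfence/lib/wordfenceClass.php"
# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %252e%252e style double encoding is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_probes(lines):
    """Return (client, status, file_value) for each request matching the probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if fully_decode(parts.path).lower() != PROBE_PATH.lower():
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("file", []):
            value = fully_decode(value).replace("\\", "/")
            if "../" in value or value.startswith("/"):
                hits.append((client, int(status), value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/wordfence/lib/wordfenceClass.php?file=/../../../../../../etc/passwd HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/wordfence/lib/wordfenceClass.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 512 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "-"',
]

if __name__ == "__main__":
    for client, status, value in find_probes(SAMPLE_LOG):
        note = "check response body and host" if status == 200 else "blocked or failed"
        print(f"{client} status={status} file={value!r} -> {note}")
```

A hit with status 200 corresponds to the module's second matching condition and is the case to prioritize for review.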

For more information, you can refer to the following references:

- https://www.exploit-db.com/exploits/48061
- https://www.nmmapper.com/st/exploitdet

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
regex: root:.*:0:0:
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability