WordPress CopyPress theme <= 1.4.5 - Local File Inclusion vulnerability

Vulnerability

The CopyPress WordPress theme versions up to and including 1.4.5 contain an unauthenticated Local File Inclusion (LFI) vulnerability. This allows an attacker to include arbitrary local files from the server without requiring any authentication or prior knowledge. The vulnerability is present in the theme's file handling logic and can be triggered by sending a specially crafted HTTP request. [1]

Exploitation

An attacker with network access to the target website can exploit this vulnerability without any authentication. The attack involves sending a malicious request that manipulates a file path parameter to include local files. No user interaction is required. This vulnerability is considered highly dangerous and is expected to be used in mass-exploit campaigns targeting thousands of websites. [1]

Impact

Successful exploitation allows an attacker to read the contents of arbitrary local files on the server. This includes sensitive files such as wp-config.php which contains database credentials. With database credentials, an attacker could potentially gain complete control over the website's database, leading to data theft, modification, or further compromise. The impact is primarily information disclosure, but can escalate to full site takeover depending on the exposed credentials. [1]

Mitigation

The immediate mitigation is to update the CopyPress theme to a version newer than 1.4.5. If an update is not available or cannot be applied, website administrators should contact their hosting provider or a web developer for assistance. Given the active exploitation risk, applying the fix as soon as possible is critical. [1]