WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability

Vulnerability

Softlab Core versions prior to 1.2.11 contain an unauthenticated local file inclusion vulnerability. The plugin fails to properly validate or sanitize user-supplied input, allowing an attacker to include arbitrary local files from the server. No authentication is required to exploit this flaw, and no special configuration is needed beyond a standard installation of the plugin. Affected versions are all releases before 1.2.11 [1].

Exploitation

An attacker can exploit this vulnerability by sending crafted HTTP requests to the vulnerable plugin endpoint without any prior authentication. The attack does not require any user interaction or special privileges. By manipulating the file inclusion parameter, the attacker can specify paths to local files on the server. The attacker then receives the contents of those files in the HTTP response. The attack is network-based and can be performed remotely [1].

Impact

Successful exploitation allows an unauthenticated attacker to read arbitrary files from the target WordPress server. This can include sensitive files such as wp-config.php, which contains database credentials and security keys. With these credentials, the attacker could potentially take over the database entirely, depending on the server configuration (e.g., if the database user has broad privileges). This vulnerability is considered highly dangerous and is expected to be used in mass-exploit campaigns targeting thousands of websites [1].

Mitigation

The vulnerability has been fixed in version 1.2.11 or later. Users are strongly advised to update the plugin immediately to this patched version. For those unable to update, Patchstack provides a mitigation rule that blocks attacks until an update is applied. Automatic updates can be enabled for vulnerable plugins. No workarounds other than updating or using a web application firewall (WAF) rule are mentioned in the references [1].