Two essential vulnerabilities had been recognized within the WP Journey Engine, journey reserving plugin for WordPress that’s put in on greater than 20,000 web sites. Each vulnerabilities allow unauthenticated attackers to acquire just about full management of a web site and are rated 9.8 on the CVSS scale, very near the very best potential rating for essential flaws.
WP Journey Engine
The WP Journey Engine is a well-liked WordPress plugin utilized by journey companies to allow customers to plan itineraries, choose from completely different packages, and e-book any type of trip.
Improper Path Restriction (Path Traversal)
The primary vulnerability comes from improper file path restriction within the plugin’s set_user_profile_image operate
As a result of the plugin fails to validate file paths, unauthenticated attackers can rename or delete recordsdata anyplace on the server. Deleting a file comparable to wp-config.php disables the location’s configuration and may enable distant code execution. This flaw can allow an attacker to stage a distant code execution assault from the location.
Native File Inclusion by way of Mode Parameter
The second vulnerability comes from improper management of the mode parameter, which lets unauthenticated customers embody and run arbitrary .php recordsdata
This permits an attacker to run malicious code and and entry delicate information. Like the primary flaw, it has a CVSS rating of 9.8 and is rated as essential as a result of it permits unauthenticated code execution that may expose or injury web site information.
Suggestion
Each vulnerabilities have an effect on variations as much as and together with 6.6.7. Web site homeowners utilizing WP Journey Engine ought to replace the plugin to the most recent model as quickly as potential. Each vulnerabilities will be exploited with out authentication, so immediate updating is really useful to forestall unauthorized entry.
Featured Picture by Shutterstock/Hybrid_Graphics
