CVE-2018-20985 in wp-payeezy-pay Plugin

Summary

by MITRE

The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.

Analysis

by VulDB Data Team • 12/01/2023

The wp-payeezy-pay plugin for WordPress contains a critical local file inclusion vulnerability that affects versions prior to 2.98. This vulnerability exists within multiple plugin files including pay.php, donate.php, donate-rec, and pay-rec, creating multiple attack vectors for malicious actors to exploit. The flaw allows unauthorized users to include and execute arbitrary local files on the target system, potentially leading to complete system compromise. The vulnerability stems from insufficient input validation and sanitization within the plugin's file inclusion mechanisms, where user-supplied parameters are directly processed without proper security checks.

This local file inclusion vulnerability maps directly to CWE-22, which describes improper limitation of a pathname to a restricted directory, and CWE-98, which addresses execution of arbitrary code due to improper input validation. The attack surface is particularly concerning as it affects core plugin functionality related to payment processing and donations, making it attractive to threat actors seeking to exploit e-commerce systems. The vulnerability enables attackers to include local files through manipulation of input parameters, potentially allowing them to read sensitive system files, execute malicious code, or establish persistent access to the compromised WordPress installation.

The operational impact of this vulnerability extends beyond simple code execution, as it can lead to full system compromise of WordPress installations running affected plugin versions. Attackers can leverage this weakness to access database credentials, administrative access tokens, or other sensitive information stored on the server. The vulnerability also aligns with ATT&CK technique T1213.002, which involves data from information repositories, as it allows access to stored data through compromised plugin components. Additionally, this weakness enables privilege escalation attacks where attackers can manipulate the plugin's file inclusion logic to execute code with elevated privileges, potentially compromising the entire WordPress environment.

Organizations should immediately update to wp-payeezy-pay plugin version 2.98 or later to remediate this vulnerability. System administrators should also implement network monitoring to detect suspicious file inclusion patterns and consider deploying web application firewalls to block malicious requests targeting these specific endpoints. Regular security audits of WordPress plugins should include verification of input validation mechanisms and proper file handling procedures. The vulnerability highlights the importance of keeping WordPress plugins up to date and placing proper security controls around file inclusion operations. Organizations should also consider applying the principle of least privilege and running regular security assessments to identify similar vulnerabilities in other plugin components or custom code.
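The monitoring recommended above can start from the web server's access log. The following is an added example, not code from VulDB or the plugin: it flags requests to the four scripts named in the advisory whose query parameters carry path-manipulation markers, including repeatedly URL-encoded ones. The `/wp-content/plugins/wp-payeezy-pay/` prefix is the standard WordPress layout and is assumed here, and the parameter name `f` and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script names come from the advisory; the plugin directory is the standard
# WordPress layout for the wp-payeezy-pay slug (assumption).
ENDPOINT = re.compile(
    r"/wp-content/plugins/wp-payeezy-pay/(?:[^?\s]*/)?"
    r"(pay|donate|pay-rec|donate-rec)(?:\.php)?$"
)
# Path-manipulation markers in a parameter value: parent-directory steps,
# absolute paths, NUL bytes, and stream-wrapper style schemes.
SUSPICIOUS = re.compile(r"\.\.[\\/]|^[\\/]|\x00|^[a-z][a-z0-9+.-]*://", re.I)
# Combined Log Format: capture client, request target, status code.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %252e) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(lines):
    """Return (client, path, parameter, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not ENDPOINT.search(url.path):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SUSPICIOUS.search(fully_decode(value)):
                hits.append((client, url.path, name, int(status)))
    return hits

# Constructed sample log lines (not real traffic); "f" is a placeholder name.
SAMPLE = [
    '203.0.113.7 - - [01/Dec/2023:10:00:00 +0000] "GET /wp-content/plugins/wp-payeezy-pay/pay.php?f=..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Dec/2023:10:00:05 +0000] "GET /wp-content/plugins/wp-payeezy-pay/donate.php?f=%252e%252e%252fexample.txt HTTP/1.1" 200 498',
    '192.0.2.44 - - [01/Dec/2023:10:00:09 +0000] "GET /wp-content/plugins/wp-payeezy-pay/pay.php?amount=10.00 HTTP/1.1" 200 2048',
    '192.0.2.45 - - [01/Dec/2023:10:00:12 +0000] "GET /index.php?f=../example.txt HTTP/1.1" 404 0',
]
if __name__ == "__main__":
    print(*flag_requests(SAMPLE), sep="\n")
```

Access logs normally record only the query string, so parameters sent in a POST body are visible only with request-body logging or at a web application firewall.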

Reservation

08/21/2019

Moderation

accepted

CPE

ready

EPSS

0.42918

KEV

no

Activities

very low

Sources
