Two crucial vulnerabilities have been recognized within the WP Journey Engine, journey reserving plugin for WordPress that’s put in on greater than 20,000 web sites. Each vulnerabilities allow unauthenticated attackers to acquire just about full management of a web site and are rated 9.8 on the CVSS scale, very near the very best attainable rating for crucial flaws.
WP Journey Engine
The WP Journey Engine is a well-liked WordPress plugin utilized by journey businesses to allow customers to plan itineraries, choose from totally different packages, and guide any sort of trip.
Improper Path Restriction (Path Traversal)
The first vulnerability comes from improper file path restriction within the plugin’s set_user_profile_image operate
As a result of the plugin fails to validate file paths, unauthenticated attackers can rename or delete information anyplace on the server. Deleting a file corresponding to wp-config.php disables the positioning’s configuration and might permit distant code execution. This flaw can allow an attacker to stage a distant code execution assault from the positioning.
Native File Inclusion by way of Mode Parameter
The second vulnerability comes from improper management of the mode parameter, which lets unauthenticated customers embody and run arbitrary .php information
This permits an attacker to run malicious code and and entry delicate information. Like the primary flaw, it has a CVSS rating of 9.8 and is rated as crucial as a result of it permits unauthenticated code execution that may expose or injury website information.
Suggestion
Each vulnerabilities have an effect on variations as much as and together with 6.6.7. Web site homeowners utilizing WP Journey Engine ought to replace the plugin to the most recent model as quickly as attainable. Each vulnerabilities might be exploited with out authentication, so immediate updating is advisable to forestall unauthorized entry.
Featured Picture by Shutterstock/Hybrid_Graphics
