WordPress Plugin iThemes Security Full Path Disclosure Scanner

Detects 'Full Path Disclosure' vulnerability in WordPress Plugin iThemes Security.

Short Info

Level: Low
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 22 hours
Scan only one: URL


The WordPress Plugin iThemes Security is a popular security plugin used by website administrators to enhance the security of their WordPress websites. It is developed by iThemes and is designed to protect WordPress sites from various types of attacks and vulnerabilities. The plugin provides features such as brute force protection, file change detection, and strong password enforcement. It is widely used by small to large-scale websites to mitigate security risks and ensure a safer online presence. The plugin is easy to install and configure, making it accessible to users with varying levels of technical expertise. Its robustness and effectiveness have made it a staple choice for WordPress security enthusiasts.

The Full Path Disclosure vulnerability in the WordPress Plugin iThemes Security allows unauthorized users to obtain sensitive server path information. It arises because certain plugin files are publicly accessible without ABSPATH (absolute path) protection. When these files are requested directly, they can trigger PHP error messages that reveal the server's file path. Attackers could use this information to map the server's directory structure for further attacks. The vulnerability is considered low in severity but should be addressed to prevent information leakage. Understanding and mitigating it helps site owners safeguard their web environment against potential directory traversal or file inclusion attacks.

Technically, the Full Path Disclosure vulnerability stems from plugin files in the 'better-wp-security' directory being directly accessible. Specifically, the endpoint '/wp-content/plugins/better-wp-security/core/admin-pages/page-logs.php' can be requested directly, resulting in PHP error messages that disclose the full path of the web server. The vulnerability is triggered by sending a GET request to this endpoint; the server's response may carry status code 200 or 500, along with error messages containing phrases like "Fatal error" or "Uncaught Error." Such information can give attackers insight into the server's directory structure and configuration.
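The match criteria described above can be applied to a response captured from your own site, for example when confirming a fix. The following is an added example, not the scanner's own code: the function names, the path-extraction pattern (which assumes PHP's stock error wording) and the sample responses are constructed for illustration.

```python
import re

# Endpoint and match criteria as stated on this page.
ENDPOINT = "/wp-content/plugins/better-wp-security/core/admin-pages/page-logs.php"
MATCH_STATUSES = (200, 500)
ERROR_MARKERS = ("Fatal error", "Uncaught Error")

# Assumption: PHP's stock error wording, "in <file>:<line>" or "in <file> on line <n>".
PATH_RE = re.compile(
    r"\bin\s+((?:/|[A-Za-z]:\\)[^\s:<>]+\.php)(?::\d+|\s+on\s+line\s+\d+)"
)
TAG_RE = re.compile(r"<[^>]+>")  # html_errors wraps parts of the message in <b>...</b>


def check_response(status, body):
    """Classify one response to ENDPOINT; return (disclosed, leaked_paths)."""
    if status not in MATCH_STATUSES:
        return False, []
    if not any(marker in body for marker in ERROR_MARKERS):
        return False, []
    paths = sorted(set(PATH_RE.findall(TAG_RE.sub("", body))))
    return True, paths


def install_root(path):
    """Directory prefix revealed by a leaked path (text before wp-content)."""
    head, sep, _ = path.replace("\\", "/").partition("/wp-content/")
    return head if sep else None


# Constructed sample responses (not captured from a real site).
LEAKY = (
    "<br />\n<b>Fatal error</b>:  Uncaught Error: Call to undefined function "
    "example_fn() in /srv/www/site/wp-content/plugins/better-wp-security/core/"
    "admin-pages/page-logs.php:9\nStack trace:\n#0 {main}\n  thrown in "
    "<b>/srv/www/site/wp-content/plugins/better-wp-security/core/admin-pages/"
    "page-logs.php</b> on line <b>9</b><br />"
)
SAMPLES = [(500, LEAKY), (200, ""), (403, "Forbidden"), (500, "")]

if __name__ == "__main__":
    for status, body in SAMPLES:
        disclosed, paths = check_response(status, body)
        print(status, disclosed, [install_root(p) for p in paths])
```

A 500 response with an empty body is reported as not disclosed: nothing leaks in the response, although the file may still be executing outside WordPress with error display turned off.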

If malicious individuals exploit the Full Path Disclosure vulnerability, they could gain unauthorized insight into the server's directory paths. This knowledge can facilitate directory traversal attacks, in which attackers attempt to access files or directories beyond the web root. It may also aid in exploiting file inclusion vulnerabilities, since attackers can craft payloads that target known file paths. Although the direct risk of this vulnerability may be low, the leaked information could be combined with other vulnerabilities to escalate an attack. Addressing the issue is therefore crucial to maintaining a secure website environment.