Web Flaws and Vulnerabilities

WPS Child Theme Generator v1.1 Multiples Vulnerabilities

Blog Web Flaws and Vulnerabilities WPS Child Theme Generator v1.1 Multiples Vulnerabilities

July 23, 2019 0 comments

WPS Limit Login is edited by WP Serveur, WordPress french host. Criticity level for this update is high.

Directory Traversal

File /classes/helpers.php

Issue : Validation patterns (all) are a good idea and good UX, but are not enogh to protect that PHP will get the correct values related to their pattern. It’s possible to send anything else, the PHP side will treat the data like it’s a good one.

Demo : Let’s add the following title “../../wp-config.php%00“, this could create a “wp-config.php” file at the root of your website. The %00 (null byte) and the following will be ignored.

This vulnerability has been patched in v1.2

About Julio Potier All of Julio Potier's posts

Creator of SecuPress and the LearnWPSecurity Training, Julio is also lead organisator of WordCamp Lille.
Compulsive speaker, Senior Trainer and WordPress Engineer, he's a specialist in security since 2002 and contribute to WordPress various ways.

Directory Traversal

This might interest you too

iThemes Security < 7.9.1 – Hide Backend ByPass

WordPress Security, a response to Yoast

Newspaper Theme <= 10.3.3 – Reflected XSS in admin area

WPS Child Theme Generator v1.1 Multiples Vulnerabilities