Recover Exit For Woocommerce
Monthly
Local File Inclusion in the Recover Exit For WooCommerce WordPress plugin (versions up to and including 1.0.3) allows remote unauthenticated attackers to include arbitrary local PHP files via the unsanitized `tpf` POST parameter passed to `include()` in the `recover_exit()` function. Successful exploitation can disclose sensitive files such as `wp-config.php` and, when combined with file upload primitives or log poisoning, escalate to remote code execution. No public exploit identified at time of analysis, though the vulnerable sink is documented in the plugin source on plugins.trac.wordpress.org.
Local File Inclusion in the Recover Exit For WooCommerce WordPress plugin (versions up to and including 1.0.3) allows remote unauthenticated attackers to include arbitrary local PHP files via the unsanitized `tpf` POST parameter passed to `include()` in the `recover_exit()` function. Successful exploitation can disclose sensitive files such as `wp-config.php` and, when combined with file upload primitives or log poisoning, escalate to remote code execution. No public exploit identified at time of analysis, though the vulnerable sink is documented in the plugin source on plugins.trac.wordpress.org.