A high-severity vulnerability has been discovered in multiple ThimPress WP Pipes products, which could allow a remote attacker to access and execute sensitive files on the web server. Successful exploitation could lead to a complete compromise of the affected website, resulting in sensitive data exposure, unauthorized access, and full server control.

The vulnerability is a Local File Inclusion (LFI) flaw stemming from the application's failure to properly sanitize user-supplied input used in a PHP include or require statement. A remote, unauthenticated attacker can manipulate input parameters with directory traversal sequences (e.g., ../../..) to trick the application into including and executing arbitrary PHP files from the server's local filesystem. This could also be leveraged to read the source code of any file on the server, including sensitive configuration files like wp-config.php which contains database credentials.

This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit could have severe consequences for the business, including a significant data breach involving customer PII, financial information, or intellectual property. An attacker could gain full administrative control over the website, leading to website defacement, installation of malware or ransomware, or using the compromised server to attack other systems. Such an incident would result in major operational disruption, financial loss, regulatory penalties, and lasting reputational damage.

Immediate Action: Apply the security updates provided by the vendor to all affected products immediately. After patching, it is crucial to monitor for any signs of exploitation attempts by thoroughly reviewing web server access logs and system logs for suspicious activity that may have occurred before the patch was applied.

Proactive Monitoring: Implement and enhance monitoring to detect LFI attack patterns. Specifically, search web server logs for requests containing directory traversal strings (../, ..%2f) or attempts to access sensitive system files (e.g., wp-config.php, /etc/passwd). Utilize a File Integrity Monitoring (FIM) solution to alert on unauthorized modifications to core application files.

Compensating Controls: If patching cannot be performed immediately, deploy a Web Application Firewall (WAF) and enable rules specifically designed to detect and block LFI and directory traversal attacks. Additionally, harden the server's PHP configuration by disabling allow_url_include and restricting file system access for the web server user with open_basedir.

Public Exploit Available: false

This vulnerability presents a critical risk and must be addressed with the highest priority. Due to the high CVSS score of 8.1 and the potential for full system compromise, we strongly recommend applying the vendor-supplied patches to all vulnerable systems immediately. Although this CVE is not currently on the CISA KEV list, its severity and the ease of exploitation make it an attractive target for attackers. Proactive patching and monitoring are essential to prevent a compromise.