A high-severity vulnerability has been identified in multiple WPClever products for WooCommerce, which could allow an attacker to read sensitive files from the web server. Successful exploitation could lead to the exposure of confidential data, such as database credentials and configuration files, potentially resulting in a full system compromise. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this risk.

The vulnerability is a Local File Inclusion (LFI) flaw due to improper input validation. An attacker can manipulate a parameter that is passed to a PHP include or require function within the plugin's code. By crafting a special request containing directory traversal sequences (e.g., ../../) and a target filename, an attacker can trick the application into including and potentially executing arbitrary local files on the server, outside of the intended directory. This could allow an unauthenticated attacker to read sensitive files like wp-config.php, /etc/passwd, or other server configuration files.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant negative impact on the business by leading to a severe data breach. An attacker could gain access to sensitive information, including database connection strings, API keys, salts, and other credentials stored on the server. This information could be leveraged to gain further unauthorized access, compromise the entire website and its database, steal customer data, and disrupt business operations, leading to financial loss, regulatory fines, and reputational damage.

Immediate Action: The primary and most effective remediation is to apply the security patches provided by the vendor across all affected websites immediately. After patching, it is crucial to review web server and application access logs for any signs of attempted or successful exploitation of this vulnerability.

Proactive Monitoring: Security teams should actively monitor web server logs for suspicious requests targeting the affected WPClever plugins. Look for requests containing directory traversal patterns (e.g., ../, ..%2f) or common sensitive filenames (e.g., wp-config.php, /etc/passwd) in URL parameters. Implement alerts for unusual PHP errors, particularly those related to "failed to open stream" or "include/require" failures, which could indicate an LFI attempt.

Compensating Controls: If immediate patching is not feasible, a Web Application Firewall (WAF) should be configured with rules designed to detect and block LFI and directory traversal attack patterns. Additionally, hardening the server's PHP configuration by restricting file system access with open_basedir can help limit the impact of a successful LFI exploit.

Public Exploit Available: false

Given the high severity (CVSS 7.5) of this vulnerability and its potential to expose critical server data, we strongly recommend that organizations prioritize the immediate application of vendor-supplied security updates. Although there is no evidence of active exploitation at this time, the widespread use of WooCommerce and its plugins makes this an attractive target. Proactive patching is the most effective defense to prevent potential compromise and protect sensitive business and customer data.