Description

WordPress Plugin Revamp CRM for WooCommerce is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Revamp CRM for WooCommerce version 1.0.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.0.4 or latest

References

https://www.pluginvulnerabilities.com/2019/06/10/our-proactive-monitoring-caught-a-local-file-inclusion-lfi-vulnerability-in-revamp-crm-for-woocommerce/

https://plugins.svn.wordpress.org/revampcrm-woocommerce/trunk/README.txt

Related Vulnerabilities

WordPress Plugin Photoracer 'id' Parameter SQL Injection (1.0)

WordPress Plugin BetterOptin Cross-Site Scripting (1.2.4)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.23.2)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.10)

WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update File Inclusion