एज गेट <= 3.5.3 - 'लैंग' पैरामीटर के माध्यम से अनधिकृत स्थानीय PHP फ़ाइल समावेश

The impact of this vulnerability is severe. An attacker can leverage the 'lang' parameter to include and execute malicious PHP code. This could involve uploading a seemingly harmless file (like an image) and then including it via the LFI vulnerability. Successful exploitation allows attackers to bypass access controls, steal sensitive data stored on the server (database credentials, configuration files), and ultimately achieve remote code execution. The attacker effectively gains control over the WordPress instance and potentially the underlying server. This is akin to a remote code execution (RCE) vulnerability, albeit requiring local file upload as a prerequisite.

WordPress websites utilizing the Age Gate plugin, particularly those running older versions (0.0.0–3.5.3), are at significant risk. Shared hosting environments are especially vulnerable as they often have limited access controls and a higher concentration of vulnerable plugins. Websites with lax file upload policies are also at increased risk.

• wordpress / plugin:

wp plugin list | grep age-gate

• wordpress / plugin: Check the plugin version using wp plugin list and verify it is below 3.5.4. • wordpress / server: Examine WordPress access logs for requests containing suspicious 'lang' parameters, such as those attempting to include system files (e.g., /etc/passwd). • wordpress / server: Monitor WordPress error logs for PHP inclusion errors related to the 'lang' parameter. • generic web: Use curl to test the Age Gate endpoint with various 'lang' parameters to see if arbitrary file inclusion is possible. curl 'https://example.com/wp-content/plugins/age-gate/age-gate.php?lang=/etc/passwd'

1. 2025-03-20Disclosure

   disclosure

1. आरक्षित2025-03-18
2. प्रकाशित2025-03-20
3. संशोधित2026-04-08
4. EPSS अद्यतन2026-04-02

The primary mitigation is to immediately upgrade the Age Gate plugin to version 3.5.4 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting file uploads to only explicitly allowed file types. Implement strict input validation on the 'lang' parameter to prevent malicious file inclusions. Web Application Firewalls (WAFs) configured to detect and block attempts to include arbitrary files can provide an additional layer of defense. Monitor WordPress logs for unusual file inclusion attempts, specifically targeting the 'lang' parameter. A YARA rule could be created to detect the presence of malicious PHP files uploaded via this vulnerability.

सक्रिय इंस्टॉलेशन

40Kज्ञात

प्लगइन रेटिंग