CVE-2023-37888
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform path traversal attacks, leading to local file inclusion in WordPress sites using the Phlox theme's Shortcodes and extra features plugin. Attackers can read sensitive files like wp-config.php containing database credentials. All WordPress installations with the vulnerable plugin versions are affected.
💻 Affected Systems
- Shortcodes and extra features for Phlox theme (auxin-elements plugin)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via reading wp-config.php database credentials, leading to database takeover, privilege escalation, and potential remote code execution.
Likely Case
Sensitive file disclosure including configuration files, source code, and environment variables, enabling further attacks.
If Mitigated
Limited impact if file permissions restrict sensitive file access or web application firewalls block path traversal patterns.
🎯 Exploit Status
Exploitation requires simple HTTP requests with path traversal sequences. Public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.14.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Shortcodes and extra features for Phlox theme' (auxin-elements).
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.14.1+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Web Application Firewall Rule
Block path traversal patterns in HTTP requests
WAF-specific configuration to block requests containing '../', '..\', or similar traversal sequences
Disable Vulnerable Plugin
Temporarily disable the plugin until patched
wp plugin deactivate auxin-elements
Or via WordPress admin: Plugins → Installed Plugins → Deactivate
🧯 If You Can't Patch
- Implement strict file permission controls on sensitive files (e.g., chmod 600 wp-config.php)
- Deploy a web application firewall with path traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Check the installed plugin version via the admin panel or with WP-CLI: wp plugin get auxin-elements --field=version. Any version earlier than 2.14.1 is vulnerable.
Check Version:
wp plugin get auxin-elements --field=version
Verify Fix Applied:
Confirm plugin version is 2.14.1 or higher: wp plugin get auxin-elements --field=version
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' sequences to plugin endpoints
- Access to sensitive files like wp-config.php from unexpected sources
Network Indicators:
- Unusual GET requests with path traversal patterns to /wp-content/plugins/auxin-elements/
SIEM Query:
http.url:*auxin-elements* AND (http.url:*..%2F* OR http.url:*..%5C*)
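As an added example (not from the advisory or the plugin's authors), the following Python script applies the Log Indicators and SIEM query above to web-server access logs. It percent-decodes each URL repeatedly so that literal, single-encoded and double-encoded traversal sequences are all caught (the SIEM query as written matches only the `..%2F` and `..%5C` forms), and it flags requests aimed at the auxin-elements plugin directory and at wp-config.php. The log lines and the plugin endpoint name are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real traffic.
# PLACEHOLDER.php stands in for the plugin endpoint; the advisory does not name it.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/auxin-elements/PLACEHOLDER.php?f=../../../../wp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.11 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/plugins/auxin-elements/PLACEHOLDER.php?f=..%2F..%2Fwp-config.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.12 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/plugins/auxin-elements/PLACEHOLDER.php?f=%252e%252e%252fwp-config.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.13 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-content/plugins/auxin-elements/css/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.14 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?p=..%5C..%5Cwp-config.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
PLUGIN_PATH = "/wp-content/plugins/auxin-elements/"
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")  # "../" or "..\" after decoding


def normalize_url(url: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so ..%2F, ..%5C and double-encoded
    %252e%252e%252f all collapse to a literal ../ or ..\\ sequence."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def find_traversal_hits(log_text: str) -> list[dict]:
    """Return one record per request whose decoded URL contains a traversal
    sequence, noting whether it targets the plugin directory or wp-config.php."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = normalize_url(m["url"])
        if not TRAVERSAL_RE.search(decoded):
            continue
        hits.append({
            "ip": m["ip"],
            "status": int(m["status"]),  # a 200 here deserves priority triage
            "url": decoded,
            "plugin_targeted": decoded.startswith(PLUGIN_PATH),
            "wp_config": "wp-config.php" in decoded,
        })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(hit)
```

Feed a real access log through `find_traversal_hits` and prioritise plugin-targeted hits that returned HTTP 200, since those indicate the traversal request was served rather than rejected.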
🔗 References
- https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-14-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve