CVE-2023-46205
📋 TL;DR
This vulnerability allows attackers to read arbitrary files on the server through path traversal in the Ultimate Addons for WPBakery Page Builder WordPress plugin. It affects all WordPress sites using vulnerable versions of this plugin, potentially exposing sensitive configuration files and data.
💻 Affected Systems
- Ultimate Addons for WPBakery Page Builder WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like wp-config.php (containing database credentials), followed by database takeover and potential remote code execution.
Likely Case
Unauthorized access to sensitive server files including configuration files, source code, and potentially user data stored in accessible directories.
If Mitigated
Limited file access restricted to web-accessible directories only, preventing access to critical system files.
🎯 Exploit Status
Exploitation requires minimal technical skill as path traversal vulnerabilities are well-documented and easy to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.19.15 and later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Ultimate Addons for WPBakery Page Builder'. 4. Click 'Update Now' if available, or download version 3.19.15+ from WordPress repository. 5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Ultimate Addons for WPBakery Page Builder plugin until patched
Web application firewall rule
linuxBlock path traversal patterns in web requests
# Example mod_security rule: SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403,msg:'Path Traversal Attempt'
🧯 If You Can't Patch
- Implement strict file permission controls on sensitive directories and files
- Deploy web application firewall with path traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'Ultimate Addons for WPBakery Page Builder' version 3.19.14 or earlierCheck Version:
wp plugin list --name='ultimate-addons-for-wpbakery-page-builder' --field=versionVerify Fix Applied:
Verify plugin version is 3.19.15 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns in URL parameters
- Unusual file access patterns to non-web directories
Network Indicators:
- HTTP requests with path traversal sequences in query strings or POST data
SIEM Query:
source="web_logs" AND (uri="*../*" OR post_data="*../*")🔗 References
- https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-local-file-inclusion-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-local-file-inclusion-vulnerability?_s_id=cve
