CVE-2023-6295

7.2 HIGH

📋 TL;DR

This vulnerability allows administrators on WordPress Multisite installations to perform Local File Inclusion (LFI) attacks by exploiting insufficient input validation in the SiteOrigin Widgets Bundle plugin. Attackers can read arbitrary files on the server, potentially accessing sensitive configuration files or source code. Only WordPress Multisite installations with the vulnerable plugin are affected.

💻 Affected Systems

Products:
  • SiteOrigin Widgets Bundle WordPress plugin
Versions: All versions before 1.51.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress Multisite installations. Single-site WordPress installations are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator credentials are compromised, allowing attackers to read sensitive server files like wp-config.php (containing database credentials), /etc/passwd, or other configuration files, leading to full server compromise.

🟠 Likely Case

Attackers with administrator access read sensitive WordPress configuration files to extract database credentials or other secrets, enabling further attacks.

🟢 If Mitigated

With access controls that limit administrator roles to trusted users only, exposure is reduced to that small set of authorized administrators, who should not have this file-read capability in the first place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator-level access on WordPress Multisite. The vulnerability is publicly documented with technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.51.0

Vendor Advisory: https://wpscan.com/vulnerability/adc9ed9f-55b4-43a9-a79d-c7120764f47c

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'SiteOrigin Widgets Bundle'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.51.0+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Remove vulnerable plugin
Applies to: all

Temporarily disable or remove the SiteOrigin Widgets Bundle plugin until patched:

wp plugin deactivate siteorigin-widgets
wp plugin delete siteorigin-widgets

Restrict administrator access
Applies to: all

Review and limit administrator roles to only essential, trusted users on Multisite installations.

🧯 If You Can't Patch

  • Implement strict access controls to limit administrator roles to trusted personnel only
  • Deploy web application firewall (WAF) rules to block LFI patterns and monitor for suspicious file inclusion attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for SiteOrigin Widgets Bundle version. If version is below 1.51.0 and WordPress is Multisite, the system is vulnerable.

Check Version:

wp plugin get siteorigin-widgets --field=version

Verify Fix Applied:

Confirm SiteOrigin Widgets Bundle plugin version is 1.51.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file inclusion patterns in web server logs (e.g., attempts to include /etc/passwd, wp-config.php via plugin parameters)
  • Administrator users accessing unusual plugin endpoints with file path parameters

Network Indicators:

  • HTTP requests containing file path traversal patterns to SiteOrigin Widgets Bundle endpoints

SIEM Query:

web_access_logs WHERE url CONTAINS 'siteorigin-widgets' AND (url CONTAINS '../' OR url CONTAINS '/etc/' OR url CONTAINS 'wp-config')
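As an added example (not from the advisory or the plugin vendor), the SIEM logic above applied to constructed access-log lines in Python. The plugin directory name is the slug used by the wp-cli commands above; `example.php` and the `path` parameter are placeholders, not the plugin's real endpoint. The decoding step handles percent-encoded traversal such as `..%2F`, which a plain CONTAINS '../' match misses.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Dec/2023:10:00:01 +0000] "GET /wp-content/plugins/siteorigin-widgets/example.php?path=../../../../etc/passwd HTTP/1.1" 200 1532
203.0.113.10 - - [01/Dec/2023:10:00:05 +0000] "GET /wp-content/plugins/siteorigin-widgets/example.php?path=..%2F..%2Fwp-config.php HTTP/1.1" 200 845
198.51.100.7 - - [01/Dec/2023:10:01:00 +0000] "GET /wp-content/plugins/siteorigin-widgets/css/style.css HTTP/1.1" 200 2210
198.51.100.7 - - [01/Dec/2023:10:01:03 +0000] "GET /wp-admin/plugins.php?page=../x HTTP/1.1" 200 9000
"""

# Client IP, timestamp, request line (method, URL, protocol) and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# The markers from the page's SIEM query.
LFI_MARKERS = ("../", "/etc/", "wp-config")


def decode_url(url, max_rounds=3):
    """Percent-decode repeatedly (bounded) so ..%2F and double-encoded %252E%252E%2F both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def is_lfi_attempt(url):
    """Plugin path plus a traversal or sensitive-file marker, matched after decoding."""
    u = decode_url(url).lower()
    return "siteorigin-widgets" in u and any(m in u for m in LFI_MARKERS)


def scan_log(text):
    """Return (ip, timestamp, status, decoded url) for every line flagged as an LFI attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_lfi_attempt(m["url"]):
            hits.append((m["ip"], m["ts"], int(m["status"]), decode_url(m["url"])))
    return hits


if __name__ == "__main__":
    for ip, ts, status, url in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {status} {url}")
```

A 200 status on a flagged request deserves priority over a 403 or 404, since it indicates the WAF or plugin did not reject the traversal.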
