IP Blacklist Cloud <= 3.42 - Arbitrary File Disclosure


The IP Blacklist Cloud plugin exposes several AJAX functions to users. One of these is the ‘importCSVIPCloud’ action, which appears to be used to import CSV files into the system’s blacklist. This action is susceptible to directory traversal and does not check file extensions, so it is possible to retrieve the contents of any file on the server that the web server has access to.

This action requires that the user has the ‘manage_options’ capability. The reason I’ve raised this as an issue is that, while it’s true that if someone has compromised a user with this privilege then this attack is the least of your concerns, if a site administrator has set the files that are editable via the WordPress administrative interface to read-only, then the scope of what the compromised user can do on the file system is limited. This vulnerability allows a user with adequate access to the WordPress instance to read files on the system, potentially compromising further credentials such as FTP and MySQL credentials, amongst other sensitive information.
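The two missing checks the advisory describes (the import path is not confined to one directory, and the extension is not verified) can be seen side by side with the fix in the following hardened handler. This is an added, hypothetical example and not IP Blacklist Cloud’s own code; the function names, the AJAX action name and the ‘ipbc-imports’ upload subdirectory are assumptions.

```php
<?php
// Hypothetical hardened CSV import handler for a WordPress plugin (added example,
// not IP Blacklist Cloud's code). It adds the checks the advisory says were missing.

/**
 * Return the canonical path if $requested names a regular .csv file inside
 * $base_dir, otherwise false. realpath() resolves "../" segments and symlinks
 * before the prefix comparison, so traversal sequences cannot escape $base_dir.
 */
function ipbc_example_resolve_csv_path( $requested, $base_dir ) {
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return false;
    }
    // Accept a bare file name only: any directory separator is rejected outright.
    if ( basename( $requested ) !== $requested ) {
        return false;
    }
    $real = realpath( $base . DIRECTORY_SEPARATOR . $requested );
    if ( false === $real || ! is_file( $real ) ) {
        return false;
    }
    if ( strpos( $real, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        return false; // resolved outside the allowed directory
    }
    if ( strtolower( pathinfo( $real, PATHINFO_EXTENSION ) ) !== 'csv' ) {
        return false; // the extension check the advisory notes was absent
    }
    return $real;
}

// AJAX handler: still admin-only (manage_options), but also nonce-protected and
// limited to files that pass the path check above. Action name is a placeholder.
function ipbc_example_import_csv() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    check_ajax_referer( 'ipbc_example_import', 'nonce' );
    $upload   = wp_upload_dir();
    $base_dir = trailingslashit( $upload['basedir'] ) . 'ipbc-imports';
    $file     = isset( $_POST['file'] ) ? sanitize_file_name( wp_unslash( $_POST['file'] ) ) : '';
    $path     = ipbc_example_resolve_csv_path( $file, $base_dir );
    if ( false === $path ) {
        wp_send_json_error( 'invalid import file', 400 );
    }
    $rows = array_map( 'str_getcsv', file( $path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES ) );
    wp_send_json_success( array( 'rows' => count( $rows ) ) );
}
add_action( 'wp_ajax_ipbc_example_import_csv', 'ipbc_example_import_csv' );
```

The capability check alone does not close the issue: it is the directory confinement and extension check that stop an authenticated administrator from reading arbitrary server files through the import action.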


Plugin: ip-blacklist-cloud
Fixed in version: 3.43

URL: https://research.g0blin.co.uk/g0blin-00037/

Type: LFI
OWASP Top 10: A1: Injection

Submitter: James Hooker
Submitter Website: https://research.g0blin.co.uk
Submitter Twitter: g0blinResearch
Views: 162
Verified: No

Publicly Published: 2015-03-13
Added: 2015-03-13
Last Updated: 2015-05-15

Copyright & License

Copyright: All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License: Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us.