PT-2022-13335 · WordPress · Udraw

Cydave · Published 2022-04-25 · Updated 2022-05-12 · CVE-2022-0656

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

uDraw WordPress plugin versions prior to 3.3.3

Description

The issue arises from the lack of validation of the url parameter in the udraw_convert_url_to_base64 AJAX action, which is accessible to both unauthenticated and authenticated users. Because the parameter is passed to the file_get_contents function, unauthenticated users can read arbitrary files on the web server, such as /etc/passwd or wp-config.php. The content of the accessed file is then returned base64 encoded in the response.

Recommendations

For versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the udraw_convert_url_to_base64 AJAX action until a patch is available. Restrict access to sensitive files on the web server to minimize the risk of exploitation. Avoid using the url parameter in the affected AJAX endpoint until the issue is resolved.
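
One way to apply the temporary workaround without switching the action off entirely, as an added example (not uDraw's code and not its 3.3.3 fix): a must-use plugin that rejects any url value that is not an external http(s) URL before the plugin's handler runs. It assumes the handler is registered on the standard wp_ajax_ and wp_ajax_nopriv_ hooks at the default priority; the udraw_guard_* names are hypothetical.

```php
<?php
/**
 * Plugin Name: uDraw url guard (added example, not uDraw code)
 *
 * Stopgap for wp-content/mu-plugins/ until uDraw 3.3.3 or later is installed.
 * Assumption: the vulnerable handler is hooked on wp_ajax_* / wp_ajax_nopriv_*
 * at the default priority (10). All udraw_guard_* names are hypothetical.
 */

const UDRAW_GUARD_ACTION = 'udraw_convert_url_to_base64';

/** True only for http(s) URLs WordPress considers safe to fetch. */
function udraw_guard_is_safe_url( $value ) {
	// Arrays (url[]=...) and empty values are rejected outright.
	if ( ! is_string( $value ) || '' === $value ) {
		return false;
	}
	// Local paths such as /etc/passwd have no scheme; file:// and php:// fail too.
	$scheme = strtolower( (string) wp_parse_url( $value, PHP_URL_SCHEME ) );
	if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
		return false;
	}
	// Also rejects loopback and private-range hosts other than the site's own.
	return false !== wp_http_validate_url( $value );
}

/** Runs ahead of the plugin's handler and ends the request on a bad url. */
function udraw_guard_check_request() {
	// Which superglobal the handler reads is an assumption, so check all three.
	foreach ( array( $_GET, $_POST, $_REQUEST ) as $source ) {
		if ( ! array_key_exists( 'url', $source ) ) {
			continue;
		}
		if ( ! udraw_guard_is_safe_url( wp_unslash( $source['url'] ) ) ) {
			error_log( 'uDraw guard: blocked url parameter from ' . $_SERVER['REMOTE_ADDR'] );
			wp_send_json_error( 'Invalid url parameter.', 400 ); // sends JSON, then exits
		}
	}
}

// Priority 0 runs before handlers registered at the default priority.
add_action( 'wp_ajax_' . UDRAW_GUARD_ACTION, 'udraw_guard_check_request', 0 );
add_action( 'wp_ajax_nopriv_' . UDRAW_GUARD_ACTION, 'udraw_guard_check_request', 0 );
```

The blocked-request lines written by error_log double as a record of probing against the endpoint; remove the file once the plugin is updated.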

Exploit

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-0656

Affected Products

Udraw