{"id":20750,"date":"2025-10-29T13:36:29","date_gmt":"2025-10-29T13:36:29","guid":{"rendered":"https:\/\/cloudkul.com\/blog\/?p=20750"},"modified":"2025-10-29T13:36:33","modified_gmt":"2025-10-29T13:36:33","slug":"serious-file-read-exploit-in-uicore-elements","status":"publish","type":"post","link":"https:\/\/cloudkul.com\/blog\/serious-file-read-exploit-in-uicore-elements\/","title":{"rendered":"Serious File Read Exploit in UiCore Elements Plugin"},"content":{"rendered":"\n
<\/span>\"image-3\"
\n

<\/p>\n<\/div><\/div>\n\n\n\n

A critical security flaw was recently discovered in the UiCore Elements<\/a><\/strong> WordPress plugin (\u2264<\/strong>1.3.0)<\/strong>, which is used on over 40,000 websites, lets attackers Read<\/strong> Arbitrary File (LFI)<\/strong> on affected server.<\/p>\n\n\n\n

UiCore Elements<\/strong> is a free Elementor addon<\/strong> that enhances the page builder with extra widgets, pre-built sections, and templates for easy drag-and-drop WordPress design.<\/p>\n\n\n\n

So let’s understand this vulnerability, how it works, its impact on your website, and also security measures to prevent your website from this vulnerability.<\/p>\n\n\n\n

What is a UiCore Elements Plugin?<\/strong><\/h2>\n\n\n\n

UiCore Elements<\/strong> is a free Elementor addon designed to extend the functionality of the Elementor page builder. <\/p>\n\n\n\n

UiCore Elements acts as a design booster for Elementor users, helping them save time and create visually appealing websites more efficiently.<\/p>\n\n\n\n

Like other Elementor add-ons, it helps users create professional websites without coding by importing ready-made templates, sections, and extra design widgets.<\/p>\n\n\n\n

What is Arbitrary File Read Vulnerability?<\/strong><\/h2>\n\n\n\n

An Arbitrary File Read<\/strong> (LFI – Local File Inclusion)<\/strong> vulnerability happens when a web application allows a user to read files from the server that they shouldn\u2019t normally have access to.<\/p>\n\n\n\n

Normally, a website should only give access to its public files (like images, CSS, JS). <\/p>\n\n\n\n

If an app accepts a user-provided filename or path without validation, an attacker can supply arbitrary paths to read sensitive server files, enabling Local File Read\/Arbitrary File Read exploits.<\/p>\n\n\n\n

Common target files are : wp-config.php<\/strong> (WordPress), Backup Files, logs, config files and other sensitive server files.<\/p>\n\n\n\n

How does this Vulnerability work?<\/strong><\/h2>\n\n\n\n

The plugin exposed a public endpoint for handling template imports that calls the prepare_template()<\/strong> function. Unfortunately, this endpoint lacked proper authentication and input validation<\/strong>. <\/p>\n\n\n\n

The handler also failed to strictly validate the filename<\/strong> parameter. letting attackers send crafted requests to access any server file without logging in.<\/p>\n\n\n\n

Since prepare_template()<\/strong> accepts a filename via POST request, an attacker could supply a path like ..\/..\/wp-config.php <\/strong>instead of a valid template or image filename to access sensitive files.<\/p>\n\n\n\n

The import\/template logic calls image\/template import routines that read the provided path. Because validation is insufficient, the code reads the specified server file.<\/p>\n\n\n\n

If the endpoint returns the file contents or an error revealing contents, the attacker obtains secrets such as DB credentials, salts, or API keys. <\/p>\n\n\n\n

With those secrets, the attacker can escalate to admin privilege and perform any other malicious actions<\/p>\n\n\n

\n
\"Arbitrary<\/a><\/figure><\/div>\n\n\n

Impact of this Vulnerability on the website<\/strong><\/h2>\n\n\n\n

This vulnerability can cause several impacts on any websites mentioned below;<\/p>\n\n\n\n