WordPress Floating Social Media Links Plugin 'wpp' RFI Vulnerabilities Network Vulnerability

Summary

This host is installed with WordPress Floating Social Media Links Plugin and is prone to remote file inclusion vulnerabilities.

Impact

Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to the WordPress Portable phpMyAdmin Plugin version 1.4.3 or later, For updates refer to http://wordpress.org/extend/plugins/floating-social-media-links/

Insight

The flaw is due to an improper validation of user supplied input to the 'wpp' parameter in 'fsml-hideshow.js.php' and 'fsml-admin.js.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.

Affected

WordPress Floating Social Media Links Plugin version 1.4.2 and prior

References

http://osvdb.org/88385
http://secunia.com/advisories/51346
http://wordpress.org/extend/plugins/floating-social-media-links/changelog/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat AJP Protocol Security Bypass Vulnerability
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability

Take action and discover your vulnerabilities