WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability Network Vulnerability

Summary

The Google Doc Embedder Plugin for WordPress is prone to an arbitrary file-disclosure vulnerability because it fails to properly sanitize user-supplied input. A remote attacker can use directory-traversal sequences to retrieve arbitrary files in the context of the affected application. Google Doc Embedder 2.4.6 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.securityfocus.com/bid/57133
http://www.wordpress.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4915
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

/doc directory browsable ?
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Apache Tomcat Multiple Vulnerabilities June-09
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Admidio get_file.php Remote File Disclosure Vulnerability

Take action and discover your vulnerabilities