WordPress Light Post Plugin 'abspath' Parameter Remote File Include Vulnerability Network Vulnerability

Summary

The Light Post WordPress Plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user- supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system other attacks are also possible. Light Post Plugin 1.4 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://plugins.trac.wordpress.org/changeset/437217/light-post/trunk/wp-light-post.php?old=416259&old_path=light-post%2Ftrunk%2Fwp-light-post.php
http://wordpress.org/extend/plugins/light-post/changelog/
http://www.securityfocus.com/bid/50080
http://www.wordpress.org

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

4psa Voipnow Local File Inclusion Vulnerability
admin.cgi overflow
Admin Bot 'news.php' SQL Injection Vulnerability
Advantech WebAccess Multiple Vulnerabilities
ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities