Description
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Remediation
References