WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Adaptive Images for WordPress Multiple Vulnerabilities (0.6.66)

Description

WordPress Plugin Adaptive Images for WordPress is prone to multiple vulnerabilities, including arbitrary file deletion and local file inclusion vulnerabilities. An attacker may leverage these issues to delete arbitrary files or to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Adaptive Images for WordPress version 0.6.66 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.6.67 or latest

References

https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

https://plugins.svn.wordpress.org/adaptive-images/trunk/readme.txt

Related Vulnerabilities

Skipper Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-38580)

Oracle JRE CVE-2017-10355 Vulnerability (CVE-2017-10355)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-5114)

Apache Traffic Server CVE-2023-44487 Vulnerability (CVE-2023-44487)

WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Cross-Site Scripting (2.1.0.1)

Severity

High

Classification

CVE-2019-14205 CVE-2019-14206 CWE-22 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update