Description

WordPress Plugin Adaptive Images for WordPress is prone to multiple vulnerabilities, including arbitrary file deletion and local file inclusion vulnerabilities. An attacker may leverage these issues to delete arbitrary files or to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Adaptive Images for WordPress version 0.6.66 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.6.67 or latest

References

https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

https://plugins.svn.wordpress.org/adaptive-images/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3)

WordPress Plugin WP Mobile Detector Arbitrary File Upload (3.5)

Nexus Repository Manager Improper Authentication Vulnerability (CVE-2019-9629)

WordPress Plugin Under Construction Unspecified Vulnerability (3.25)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0828)

Severity

High

Classification

CVE-2019-14205 CVE-2019-14206 CWE-22 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update