Description

WordPress Plugin Adaptive Images for WordPress is prone to multiple vulnerabilities, including arbitrary file deletion and local file inclusion vulnerabilities. An attacker may leverage these issues to delete arbitrary files or to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Adaptive Images for WordPress version 0.6.66 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.6.67 or latest

References

https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

https://plugins.svn.wordpress.org/adaptive-images/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Category and Page Icons Cross-Site Scripting (0.9.2)

WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)

WordPress Plugin BP Profile Search PHP Object Injection (4.5.3)

WordPress Plugin Edwiser Bridge-WordPress Moodle LMS Integration Multiple Cross-Site Request Forgery Vulnerabilities (2.0.6)

WordPress Plugin WP Custom Fields Search Cross-Site Scripting (1.2.34)

Severity

High

Classification

CVE-2019-14205 CVE-2019-14206 CWE-22 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update