Description

WordPress Plugin Adaptive Images for WordPress is prone to multiple vulnerabilities, including arbitrary file deletion and local file inclusion vulnerabilities. An attacker may leverage these issues to delete arbitrary files or to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Adaptive Images for WordPress version 0.6.66 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.6.67 or latest

References

https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

https://plugins.svn.wordpress.org/adaptive-images/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Custom Login Page Customizer-LoginPress Unspecified Vulnerability (1.1.15)

PHP Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2020-7070)

Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-56588)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.30)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.27)

Severity

High

Classification

CVE-2019-14205 CVE-2019-14206 CWE-22 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update