Description

WordPress Plugin Advanced Dewplayer is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Advanced Dewplayer version 1.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3 or latest

References

https://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal

http://www.openwall.com/lists/oss-security/2013/12/30/5

http://www.securityfocus.com/bid/64587/exploit

http://secunia.com/advisories/55941/

Related Vulnerabilities

WordPress Plugin Magic Fields Cross-Site Scripting (1.7.1)

WordPress Plugin WPS Cleaner Multiple Cross-Site Request Forgery Vulnerabilities (1.4.4)

WordPress Plugin Social Media Widget Serving Spam (4.0)

WordPress Plugin Smush Image Compression and Optimization Multiple Vulnerabilities (2.9.1)

WordPress Plugin iTwitter Multiple Vulnerabilities (0.04)

Severity

High

Classification

CVE-2013-7240 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Directory Traversal