Description

WordPress Plugin Ajax Store Locator is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Ajax Store Locator version 1.2.0 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

References

http://www.homelab.it/index.php/2014/12/06/wordpress-ajax-store-locator-arbitrary-file-download-vulnerability/

http://www.exploit-db.com/exploits/35493/

http://packetstormsecurity.com/files/129408/WordPress-Ajax-Store-Locator-1.2-Arbitrary-File-Download.html

Related Vulnerabilities

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Security Bypass (3.5.4)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)

WordPress Plugin Add-on SweetAlert Contact Form 7 Unspecified Vulnerability (1.0.7)

WordPress Plugin Divi Builder Arbitrary File Upload (4.5.2)

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Security Bypass (1.0.42.1)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Directory Traversal