Description

WordPress Plugin Chat Room is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Chat Room version 0.1.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.1.3 or latest

References

http://0day.today/exploit/27303

https://wordpress.org/plugins/chat-room/changelog/

Related Vulnerabilities

WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61)

WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25)

WordPress Plugin Xllentech English Islamic Calendar SQL Injection (2.6.7)

WordPress Plugin Schreikasten SQL Injection (0.14.18)

WordPress Plugin IGIT Related Posts With Thumb Image After Posts TimThumb Arbitrary File Upload (3.9.7)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal