Description

WordPress Plugin Chat Room is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Chat Room version 0.1.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.1.3 or latest

References

http://0day.today/exploit/27303

https://wordpress.org/plugins/chat-room/changelog/

Related Vulnerabilities

WordPress Plugin Simple Banner Cross-Site Scripting (2.11.0)

WordPress Plugin Ultimate WP Query Search Filter Cross-Site Scripting (1.0.10)

WordPress Plugin Html5 Audio Player-Audio Player for WordPress Cross-Site Scripting (2.1.2)

WordPress Plugin CSS & JavaScript Toolbox SQL Injection (9.2)

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal