Description

WordPress Plugin ChimpMate-WordPress MailChimp Assistant is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin ChimpMate-WordPress MailChimp Assistant version 1.3.2 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2018/06/19/authenticated-local-file-inclusion-lfi-vulnerability-in-chimpmate/

Related Vulnerabilities

WordPress Plugin Easy Forms for Mailchimp Cross-Site Scripting (5.0.6)

WordPress Plugin Mobiloud-Native Mobile Apps for your WordPress site (iPhone, iPad, Android) Multiple Cross-Site Scripting Vulnerabilities (2.3.7)

WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12)

WordPress Plugin Users Ultra SQL Injection (1.5.15)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update File Inclusion