Description

WordPress Plugin DM Albums is prone to multiple vulnerabilities that can allow attackers to delete arbitrary files. The issues occur because the software fails to properly sanitize user-supplied input. Attackers can exploit these issues to delete arbitrary files on the victim's computer in the context of the vulnerable application. WordPress Plugin DM Albums versions prior to 2.1 are affected, but note that version 2.1 is still vulnerable to one of the issues.

Remediation

Update to plugin version 2.3.1 or latest

References

http://sebug.net/vuldb/ssvid-12525

http://secunia.com/advisories/37119

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (CVE-2021-26032)

OpenSSL Other Vulnerability (CVE-2015-1790)

PHP Numeric Errors Vulnerability (CVE-2008-1384)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1893)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3275)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update