Description

WordPress Plugin DukaPress is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin DukaPress version 2.5.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.5.4 or latest

References

http://security.szurek.pl/dukapress-252-path-traversal.html

http://secunia.com/advisories/60250/

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Privilege Escalation (3.2.2)

WordPress Plugin Surveys SQL Injection (1.01.8)

WordPress Plugin Nginx Helper Cross-Site Scripting (1.8.9)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.8)

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

Severity

High

Classification

CVE-2014-8799 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Directory Traversal