Description

WordPress Plugin Insert Pages is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Insert Pages version 3.2.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.2.4 or latest

References

https://wordpress.org/support/topic/insert-pages-has-been-removed-from-wordpress-org/

https://plugins.svn.wordpress.org/insert-pages/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin WP SVG Icons Cross-Site Request Forgery (3.2.1)

WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)

WordPress Plugin Thrive Architect Security Bypass (2.6.7.3)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.5)

WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability (0.6.2 - 3.0.3)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal