• WordPress Plugin Media from FTP is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Media from FTP version 9.85 is vulnerable; prior versions may also be affected.

• Update to plugin version 9.86 or latest

• • https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md
  • https://plugins.svn.wordpress.org/media-from-ftp/trunk/readme.txt

• 

• CVE-2018-5310

• CWE-22

• Missing Update Directory Traversal

• WordPress Plugin VaultPress Unspecified Vulnerability (1.7.1)
• WordPress 4.4.x Denial of Service Vulnerability (4.4 - 4.4.14)
• WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting (1.2.5)
• WordPress Plugin The Events Calendar Open Redirect (4.1.1)
• WordPress Plugin Social Sticky Animated Backdoor (1.0)