Description

WordPress Plugin Media from FTP is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Media from FTP version 9.85 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 9.86 or latest

References

https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md

https://plugins.svn.wordpress.org/media-from-ftp/trunk/readme.txt

Related Vulnerabilities

WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.1)

WordPress Plugin N5 Upload Form Arbitrary File Upload (1.0)

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.8.7)

WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery (1.1.2)

WordPress Plugin Bliss Gallery Arbitrary File Upload (2.3)

Severity

High

Classification

CVE-2018-5310 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal