Description

WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.

Remediation

Update to the latest version

References

http://www.securityfocus.com/bid/26743/exploit

http://www.exploit-db.com/exploits/4695/

http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt

http://secunia.com/advisories/27962/

Related Vulnerabilities

WordPress Plugin WP jPlayer Cross-Site Scripting (0.1)

WordPress Plugin ACF:Better Search SQL Injection (2.0.2)

WordPress Plugin Syndication Links Cross-Site Scripting (1.0.2)

WordPress Plugin Add Any Extension to Pages Cross-Site Scripting (1.3)

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Cross-Site Scripting Vulnerabilities (2.1.9)

Severity

High

Classification

CVE-2007-6369 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update File Inclusion