Description

WordPress Plugin Post Recommendations for WordPress is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Post Recommendations for WordPress version 1.1.2 is vulnerable; prior versions may also be affected.

Remediation

Update to the latest version

References

http://www.securityfocus.com/bid/54459/exploit

http://www.opensyscom.fr/Actualites/post-recommendations-for-wordpress-remote-file-inclusion-vulnerability.html

http://secunia.com/advisories/49945/

Related Vulnerabilities

WordPress Plugin WooCommerce Checkout Manager Cross-Site Request Forgery (4.3)

WordPress Plugin Support Ticket System By Phoeniixx Unspecified Vulnerability (2.7)

WordPress Plugin Store Locator Plus for WordPress Privilege Escalation (5.5.14)

WordPress Plugin WP fail2ban Security Bypass (4.0.2)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.0.0 - 3.9.26)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update File Inclusion