Description

WordPress Plugin Ruben Boelinger wordTube is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Ruben Boelinger wordTube version 1.43 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 1.44 or latest

References

http://www.securityfocus.com/bid/23737/exploit

http://www.securityfocus.com/archive/1/467362

http://www.exploit-db.com/exploits/3825/

http://secunia.com/advisories/25074/

Related Vulnerabilities

WordPress Plugin Adning Advertising-Professional, All In One Ad Manager for Wordpress Arbitrary File Upload (1.5.5)

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

WordPress Plugin GlotPress Information Disclosure (2.2.1)

WordPress Plugin mklasen's Photobox Cross-Site Scripting (1.0)

Joomla! Core Multiple Vulnerabilities (1.7.3 - 3.7.2)

Severity

High

Classification

CVE-2007-2481 CVE-2007-2482 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update File Inclusion