Description

WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics version 0.7 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

References

https://www.exploit-db.com/exploits/37494/

https://packetstormsecurity.com/files/132578/WordPress-S3Bubble-Cloud-Video-With-Adverts-Analytics-Arbitrary-File-Download.html

Related Vulnerabilities

WordPress Plugin WordPress Books Gallery Security Bypass (3.5)

WordPress Plugin Unlimited Pop-Ups Multiple Cross-Site Scripting Vulnerabilities (1.4.3)

WordPress Plugin TableOn-WordPress Posts Table Filterable Cross-Site Scripting (1.0.0)

WordPress Plugin FireStats Arbitrary File Download (1.6.5)

WordPress Plugin WC Duplicate Order Unspecified Vulnerability (1.3)

Severity

High

Classification

CVE-2015-9464 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Information Disclosure