Description

WordPress Plugin Simply Static is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Simply Static version 1.6.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.6.3 or latest

References

https://www.pluginvulnerabilities.com/2016/10/11/vulnerability-details-arbitrary-file-viewing-vulnerability-in-simply-static/

https://wordpress.org/plugins/simply-static/changelog/

Related Vulnerabilities

WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)

WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)

WordPress Plugin Donation with Goals and Paypal IPN by NonprofitCMS.org 'exporttocsv.php' SQL Injection (1.0)

WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.19.0)

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure