Description

WordPress Plugin Social Discussions is prone to a remote file include vulnerability and an information disclosure vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to compromise the application and the underlying system or to obtain sensitive information which may help in launching further attacks. WordPress Plugin Social Discussions version 6.1.1 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 6.1.2 or latest

References

http://www.securityfocus.com/bid/56091/exploit

http://www.exploit-db.com/exploits/22158/

http://www.waraxe.us/advisory-93.html

http://packetstormsecurity.com/files/117465/Wordpress-Social-Discussions-6.1.1-File-Inclusion-Path-Disclosure.html

Related Vulnerabilities

TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21908)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43725)

MediaWiki Improper Input Validation Vulnerability (CVE-2011-1580)

WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)

WordPress Plugin Theme Editor Arbitrary File Download (2.5)

Severity

High

Classification

CWE-94 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update File Inclusion Information Disclosure