• WordPress Plugin WP Background Takeover is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Background Takeover version 4.1.4 is vulnerable; prior versions may also be affected.

• Update to plugin version 4.1.5 or latest

• • https://99robots.com/docs/wp-background-takeover-advertisements/#change-log

• 

• CVE-2018-9118

• CWE-22

• Missing Update Directory Traversal

• Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6)
• WordPress Plugin Double Opt-In for Download Multiple Cross-Site Scripting Vulnerabilities (2.1.5)
• WordPress Plugin Tera Charts Cross-Site Scripting (1.0)
• WordPress Plugin Yet Another Related Posts (YARPP) Multiple Vulnerabilities (4.2.4)
• WordPress Plugin Feed Statistics Open Redirect (3.0)