Description

WordPress Plugin WP Doctor contains potential malicous code. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks, to gain access or to execute arbitrary commands and compromise the affected application, and possibly the webserver or computer; other attacks are also possible. WordPress Plugin WP Doctor version 1.7 is affected; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://planetzuda.com/wordpress-plugin-wp-doctor-contains-a-trojan/2018/09/19/

https://wordpress.org/plugins/wp-doctor/#description

Related Vulnerabilities

WordPress Plugin Invite Anyone Security Bypass (1.3.14)

MySQL CVE-2013-1511 Vulnerability (CVE-2013-1511)

WordPress Plugin Autocomplete Wizard Unspecified Vulnerability (2.0)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9652)

Claroline Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3261)

Severity

High

Classification

CWE-506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update