Description
The WordPress plugin WP Marketplace - Complete Shopping Cart/eCommerce Solution is prone to an arbitrary file download vulnerability: the application fails to sufficiently verify user-supplied input before using it to select a file to serve. An attacker can use this to read sensitive information from the server, which may aid in launching further attacks. Version 2.4.0 is vulnerable; prior versions may also be affected.
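The advisory does not include the plugin's own download handler, so the following is an added, generic example (not code from the WP Marketplace plugin) of the defensive pattern that prevents this vulnerability class: a user-supplied file name is confined to one allowlisted directory and canonicalised before anything is read from disk. The download directory, the `file` request parameter and the function names are assumptions.

```php
<?php
// Added example, not code from the WP Marketplace plugin. The base
// directory, the "file" parameter and the function names are assumptions.

/**
 * Resolve a user-supplied file name against $baseDir and return the
 * canonical path, or null if the request does not name a regular file
 * inside that directory.
 */
function resolve_download_path(string $baseDir, string $requested): ?string
{
    // Reject empty names, NUL bytes, and anything that is not a plain
    // file name (directory components and traversal sequences are refused
    // rather than stripped).
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    if ($requested !== basename($requested)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // realpath() follows symlinks, so re-check that the resolved path still
    // lies inside the base directory after canonicalisation.
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    return $candidate;
}

/**
 * Send the requested file as an attachment, or a 404 if it is not allowed.
 */
function send_download(string $baseDir, string $requested): void
{
    $path = resolve_download_path($baseDir, $requested);
    if ($path === null) {
        http_response_code(404);
        exit('Not found');
    }

    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
    exit;
}

// Assumed usage inside a plugin request handler:
// send_download(__DIR__ . '/downloads', (string) ($_GET['file'] ?? ''));
```

The check compares against `basename()` rather than stripping `../`, so a request that contains any path separator is rejected outright, and the `realpath()` prefix test catches symlinks that point outside the directory. Inside a WordPress plugin this handler would additionally be gated behind the usual authorisation checks (`current_user_can()` and a nonce via `wp_verify_nonce()`), since path confinement alone does not decide who is allowed to download at all.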
Remediation
Update to plugin version 2.4.1 or later.
References
http://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html
http://www.homelab.it/index.php/2015/03/24/wp-marketplace-rce/
http://www.exploit-db.com/exploits/36490/
http://packetstormsecurity.com/files/131018/WordPress-Marketplace-2.4.0-Arbitrary-File-Download.html
http://packetstormsecurity.com/files/131019/WordPress-Marketplace-2.4.0-Add-Administrator.html