ThreatPress

WordPress Vulnerabilities Database

WordPress Advanced Dewplayer Plugin - Script Directory Traversal

Product
Advanced Dewplayer
Description
The Advanced Dewplayer plugin is prone to a directory traversal vulnerability because it fails to sanitize user-supplied input. An attacker can obtain sensitive information that could aid in further attacks.
Solution
Upgrade the plugin.
Classification
Type: Session Hijacking
OWASP Top 10: A7: Missing Function Level Access Control
References
Exploit-DB
CVE
Name: CVE-2013-7240
Versions
Affected In: <= 1.2
Fixed In: 1.3
Disclosure date
2013-12-30
Credits
Henri Salo