ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Amazon Affiliate Shop Plugin <= 0.9.6 - Local File Inclusion

Product
Amazon Affiliate Shop
Description
This vulnerability is in reviews.php. It allows the attackers to read arbitrary files via a full pathname in the "url" parameter.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2014-4577
Versions
Affected In <= 0.9.6
Fixed In 0.9.7
Disclosure date
2014-06-23
Credits
Anant Shrivastava