ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Background Takeover plugin <=4.1.4 - Directory Traversal vulnerability

Product
WP Background Takeover
Description
Directory Traversal vulnerability found in WordPress Background Takeover plugin (versions <=4.1.4). Unescaped URL allows access to other files.
Solution
Update the WordPress Background Takeover plugin to the latest available version (at least 4.1.5).
Classification
Type Directory Traversal
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-2018-9118
Versions
Affected In <=4.1.4
Fixed In 4.1.5
Disclosure date
2018-04-09
Submitter
ThreatPress