ThreatPress

WordPress Vulnerabilities Database

Back

WordPress BookX Plugin - Local File Include

Product
BookX
Description
BookX plugin's "includes/bookx_export.php" is prone to a local file include vulnerability because of failure of validation user-supplied input. It allows an attacker to get potentially sensitive information.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
Exploit-DB
CVE
Name CVE-2014-4937
Versions
Affected In <= 1.7
Fixed In 1.8
Disclosure date
2014-05-28
Credits
Anant Shrivastava