ThreatPress

WordPress Vulnerabilities Database

Back

WordPress CP Image Store with Slideshow Plugin 1.0.5 - Arbitrary File Download

Product
CP Image Store with Slideshow
Description
CP Image Store with Slideshow plugin is prone to an arbitrary file download vulnerability via "cp-image-store.php". It allows an attacker to download arbitrary files from the web server and get potentially sensitive information.
Solution
Update the plugin.
Classification
Type Arbitrary File Download
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.5
Fixed In 1.0.6
Disclosure date
2015-07-10
Credits
i0akiN SEC-LABORATORY