ThreatPress

WordPress Vulnerabilities Database

Back

WordPress FireStats Plugin <= 1.6.1 - Remote File Inclusion

Product
FireStats
Description
Because of this vulnerability in firestats-wordpress.php, the attackers can execute arbitrary PHP code via a URL in the "fs_javascript" parameter.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2009-2143
Versions
Affected In <= 1.6.1
Fixed In 1.6.2
Disclosure date
2009-06-22