ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Firestats Plugin <= 1.6.5 - Remote Configuration File Download

Product
FireStats
Description
This Firestats plugin is prone to remote file-include vulnerability. It fails to clean user data sufficiently. The attacker may compromise the application and the other attacks are possible.
Solution
Update the plugin.
Classification
Type Arbitrary File Download
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.6.5
Fixed In 1.6.6
Disclosure date
2010-07-09
Credits
Jelmer de Hen