ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Google Document Embedder Plugin - Arbitrary File Disclosure

Product
Google Document Embedder
Description
Google Document Embedder plugin is prone to an arbitrary file disclosure vulnerability. It allows for database credential disclosure via the /libs/pdf.php script.
Solution
Update the plugin.
Classification
Type Arbitrary File Download
OWASP Top 10 A6: Sensitive Data Exposure
References
Exploit-DB
CVE
Name CVE- 2012-4915
Versions
Affected In <= 2.4.6
Fixed In 2.4.7
Disclosure date
2013-01-08
Credits
metasploit