ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Image Export Plugin 1.1.0 - Arbitrary File Disclosure

Product
Image Export
Description
An attacker can access wp-config.php and get database credentials. Vulnerability exists in download.php file: localhost/wp/wp-content/plugins/image-export/download.php?file=../../../wp-config.php.
Solution
Upgrade the plugin.
Classification
Type Arbitrary File Download
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.1.0
Fixed In 1.1.1
Disclosure date
2016-03-21
Credits
AMAR^SHG