ThreatPress

WordPress Vulnerabilities Database

Back

WordPress JS Multi Hotel Plugin <= 2.2.1 - Multiple Vulnerabilities

Product
JS Multi Hotel
Description
Because of these vulnerabilities, the attackers can obtain the installation path via a request to widget.php, functions.php, myCalendar.php, show_image.php, refreshDate.php, phpthumb/thumb_plugins/gd_reflection.inc.php or phpthumb/GdThumb.inc.php in includes/.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-100009
Versions
Affected In <= 2.2.1
Fixed In 2.2.2
Disclosure date
2015-01-13
Credits
MustLive