ThreatPress

WordPress Vulnerabilities Database

Back

WordPress IP Blacklist Cloud Plugin <= 3.42 - Arbitrary File Disclosure

Product
MailCWP
Description
This plugin is prone to an arbitrary file disclosure vulnerability. It allows an user with adequate access to the WordPress instance to read files on the system and potentially compromising further credentials such as FTP, MySQL, amongst other sensitive information.
Solution
Upgrade the plugin.
Classification
Type Local File Inclusion
OWASP Top 10 A1: Injection
References
Research-G0blin
CVE
Name CVE-N/A
Versions
Affected In <= 3.42
Fixed In 3.43
Disclosure date
2015-03-13
Credits
James Hooker