ThreatPress

WordPress Vulnerabilities Database

WordPress Media from FTP plugin <=9.84 - Authenticated Directory Traversal vulnerability

Product
Media from FTP
Description
An authenticated directory traversal vulnerability was found by wpl0v3r in the WordPress Media from FTP plugin (versions <=9.84). The vulnerability exists via the "searchdir" parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.
Solution
Update the WordPress Media from FTP plugin to the latest available version (at least 9.85).
Classification
Type Directory Traversal
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-2018-5310
Versions
Affected In <=9.84
Fixed In 9.85
Disclosure date
2018-01-09
Credits
wpl0v3r
Submitter
ThreatPress