ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Rename Plugin <= 1.0 - Absolute Path Traversal

Product
Rename
Description
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2015-4703
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2015-06-22
Credits
Larry W. Cashdollar