ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Spellchecker Plugin 3.1 - Local and Remote File Include Vulnerabilities

Product
Spell Checker
Description
This Spellchecker plugin's "general.php" parameter is prone to remote file include and local file include vulnerabilities because of application's failure to sufficiently clean up user-supplied input. These issues allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process. Other attacks are also possible.
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 3.1
Fixed In 3.2
Disclosure date
2011-04-12
Credits
Dr Trojan