ThreatPress

WordPress Vulnerabilities Database

WordPress Theme Tuner Plugin <= 0.7 - Remote File Inclusion

Product
Theme Tuner
Description
A remote file inclusion vulnerability in ajax/savetag.php allows attackers to execute arbitrary PHP code via a URL in the "tt-abspath" parameter.
Solution
Update the plugin to version 0.8, in which the issue is fixed.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2012-0934
Versions
Affected In <= 0.7
Fixed In 0.8
Disclosure date
2012-01-28
Credits
Ben Schmidt