ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Tinymce Thumbnail Gallery Plugin 1.0.7 - Remote File Disclosure

Product
Tinymce Thumbnail Gallery
Description
WordPress Tinymce Thumbnail plugin is prone to a remote file disclosure vulnerability. It allows an attacker to compromise encrypted login credentials for or retrieve the device's administrator password allowing them to directly access the device's configuration control panel.
Solution
Update the plugin.
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.7
Fixed In 1.0.8
Disclosure date
2012-06-08
Credits
Sammy FORGIT