ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP EasyCart Plugin <= 2.0.5 - Information Disclosure

Product
WP EasyCart
Description
Because of this vulnerability, the attackers can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the "phpinfo" function.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2014-4942
Versions
Affected In <= 2.0.5
Fixed In 2.0.6
Disclosure date
2014-07-11
Credits
Anant Shrivastava