ThreatPress

WordPress Vulnerabilities Database

Back

WordPress E-Commerce Shop Styling Plugin <= 1.7 - Remote File Inclusion

Product
E-Commerce Shop Styling
Description
Because of this vulnerability in includes/generate-pdf.php, the attackers can execute arbitrary PHP code via a URL in the "dompdf" parameter.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2013-0724
Versions
Affected In <= 1.7
Fixed In 1.8
Disclosure date
2013-01-02
Credits
Charlie Eriksen