ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Support Plus Responsive Ticket System Plugin 2.0 - Multiple Vulnerabilities

Product
WP Support Plus Responsive Ticket System
Description
There are 4 multiple vulnerabilities in this plugin. 1. SQL injection. 2. Full path disclosure. With this vulnerability full path to the file will be shown to the user after the file has been uploaded. 3. Directory traversal that allows download any file from the server. 4. Broken authentication.
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.0
Fixed In 2.1
Disclosure date
2014-09-09
Credits
Fikri Fadzil