Описание
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.
Ссылки
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.13.1 (исключая)
cpe:2.3:a:revmakx:infinitewp_client:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 77%
0.01091
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.3
github
около 1 года назад
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.
EPSS
Процентиль: 77%
0.01091
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-22