Summary
The Google Doc Embedder Plugin for WordPress is prone to an arbitrary file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker can use directory-traversal sequences to retrieve arbitrary files in the context of the affected application.
Google Doc Embedder 2.4.6 is vulnerable
other versions may also
be affected.
Solution
Vendor updates are available. Please see the references for more information.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4915 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Struts Directory Traversal Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities