WordPress Google Doc Embedder Plugin Arbitrary File Disclosure Vulnerability Network Vulnerability

Summary

The Google Doc Embedder Plugin for WordPress is prone to an arbitrary file-disclosure vulnerability because it fails to properly sanitize user-supplied input. A remote attacker can use directory-traversal sequences to retrieve arbitrary files in the context of the affected application. Google Doc Embedder 2.4.6 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.securityfocus.com/bid/57133
http://www.wordpress.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4915

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Tomcat Information Disclosure Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability

Take action and discover your vulnerabilities