WordPress Light Post Plugin 'abspath' Parameter Remote File Include Vulnerability Network Vulnerability

Summary

The Light Post WordPress Plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user- supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system other attacks are also possible. Light Post Plugin 1.4 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://plugins.trac.wordpress.org/changeset/437217/light-post/trunk/wp-light-post.php?old=416259&old_path=light-post%2Ftrunk%2Fwp-light-post.php
http://wordpress.org/extend/plugins/light-post/changelog/
http://www.securityfocus.com/bid/50080
http://www.wordpress.org

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
ATutor password reminder SQL injection
A-Blog 'sources/search.php' SQL Injection Vulnerability
AstroSPACES profile.php SQL Injection Vulnerability

Take action and discover your vulnerabilities