Description

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.

Remediation

References

CVE-2019-6715

Related Vulnerabilities

Apache Traffic Server Remote DOS Attack (CVE-2021-27737)

WordPress Plugin WP Video Lightbox Cross-Site Scripting (1.9.2)

Python CVE-2018-1060 Vulnerability (CVE-2018-1060)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)

WordPress Plugin CSS Plus Multiple Unspecified Vulnerabilities (1.3.1)

Severity

High

Classification

CVE-2019-6715 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities