Description

WordPress Plugin Adaptive Images for WordPress is prone to multiple vulnerabilities, including arbitrary file deletion and local file inclusion vulnerabilities. An attacker may leverage these issues to delete arbitrary files or to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Adaptive Images for WordPress version 0.6.66 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 0.6.67 or latest

References

https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

https://plugins.svn.wordpress.org/adaptive-images/trunk/readme.txt

Related Vulnerabilities

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-3646)

WordPress Plugin Swipe Checkout for eShop Cross-Site Scripting (3.7.0)

WordPress Plugin Learning Courses Privilege Escalation (4.7)

WordPress Clickjacking Vulnerability (0.7 - 3.1.2)

Oracle Database Server CVE-2010-4423 Vulnerability (CVE-2010-4423)

Severity

High

Classification

CVE-2019-14205 CVE-2019-14206 CWE-22 CWE-73 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update