Description

WordPress Plugin Page Flip Image Gallery is prone to a remote file disclosure vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Page Flip Image Gallery versions 0.2.2 and below are vulnerable.

Remediation

Update to the latest version

References

http://www.exploit-db.com/exploits/7543/

http://packetstormsecurity.com/files/view/73347/wppageflip-disclose.txt

http://secunia.com/advisories/33274/

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0126)

Drupal Core 8.8.x Multiple Cross-Site Scripting Vulnerabilities (8.8.0 - 8.8.9)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2107)

MySQL CVE-2020-2804 Vulnerability (CVE-2020-2804)

Oracle Application Server Other Vulnerability (CVE-2005-3445)

Severity

High

Classification

CVE-2008-5752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure