Description

WordPress Plugin Vitamin is prone to multiple arbitrary file disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to view local files in the context of the web server process, which may aid in launching further attacks. WordPress Plugin Vitamin version 1.0.0 is vulnerable.

Remediation

Update to plugin version 1.1.0 or latest

References

http://secunia.com/advisories/50176/

http://www.securityfocus.com/bid/54856/

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1757)

MySQL CVE-2015-4861 Vulnerability (CVE-2015-4861)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Security Bypass (3.0.30)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress PHAR Deserialization (3.7.9)

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

Severity

High

Classification

CVE-2012-6651 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure