Description
The WordPress plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution is prone to a vulnerability that lets attackers download arbitrary files, because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. Version 2.4.0 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.4.1 or the latest version.
References
http://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html
http://www.homelab.it/index.php/2015/03/24/wp-marketplace-rce/
http://www.exploit-db.com/exploits/36490/
http://packetstormsecurity.com/files/131018/WordPress-Marketplace-2.4.0-Arbitrary-File-Download.html
http://packetstormsecurity.com/files/131019/WordPress-Marketplace-2.4.0-Add-Administrator.html