WordPress image-export plugin 'download.php' Arbitrary File Download Vulnerability
Release date:
Updated on:
Affected Systems:
WordPress image-export
Description:
Bugtraq id: 75991
CVE (CAN) ID: CVE-2015-5609
The image-export plugin exports special images as WordPress XML, which can then be imported into other sites using the WordPress import tool.
image-export 1.1 and other versions have a security vulnerability in 'download.php'. Attackers can exploit this vulnerability to download arbitrary files with the privileges of the web server process.
<* Source: Larry W. Cashdollar (lwc@vapid.dhs.org) *>
Suggestion:
Vendor patch:
WordPress
---------
The vendor has not yet provided a patch or an upgrade. Users of the software should watch the vendor's home page for the latest version:
https://wordpress.org/plugins/export-featured-images/
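With no vendor patch available, a download endpoint of this kind can be confined to a single export directory before any file is read. The PHP below is an added example, not the plugin's code or a vendor fix. The function name `resolve_export`, the export directory and the `.xml` allow-list are assumptions, and the demo files are constructed.

```php
<?php
// Added example: not the image-export plugin's code. The export directory,
// the .xml allow-list and all names below are assumptions for illustration.

/** Return the real path of $requested inside $baseDir, or null if rejected. */
function resolve_export(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a bare file name only: no directory components of either style.
    if ($requested !== basename(str_replace('\\', '/', $requested))) {
        return null;
    }
    // The plugin exports WordPress XML, so nothing else needs to be served.
    if (strtolower(pathinfo($requested, PATHINFO_EXTENSION)) !== 'xml') {
        return null;
    }
    // realpath() resolves symlinks and ".."; the result must stay under $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary export directory holding one export file and
// a symlink that points at a file outside that directory.
$dir = sys_get_temp_dir() . '/export-demo-' . bin2hex(random_bytes(4));
mkdir($dir . '/exports', 0700, true);
file_put_contents($dir . '/exports/images.xml', '<rss/>');
file_put_contents($dir . '/secret.xml', 'outside the export directory');
symlink($dir . '/secret.xml', $dir . '/exports/link.xml');

$names = ['images.xml', '../secret.xml', $dir . '/secret.xml', 'link.xml', 'images.xml.php'];
foreach ($names as $name) {
    $served = resolve_export($dir . '/exports', $name) !== null;
    printf("%-40s %s\n", $name, $served ? 'served' : 'rejected');
}
```

Only `images.xml` resolves to a path inside the export directory; the relative, absolute, symlinked and wrong-extension names are all rejected.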