Directory Traversal Vulnerability in WordPress Plugin wp-Table by WordPress
CVE-2007-2483

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-table
Vendor: CVE Published:; 3 May 2007

Summary

A directory traversal vulnerability exists in the wp-Table plugin for WordPress, specifically in the js/wptable-button.php file. This vulnerability can be exploited when the PHP register_globals feature is enabled, allowing remote attackers to manipulate the wpPATH parameter. By exploiting this vulnerability, attackers can potentially include and execute arbitrary local files on the server, posing serious security risks to affected WordPress installations.

References

https://www.exploit-db.com/exploits/3824

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/25063

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/37297

vdb-entryx_refsource_OSVDB

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 3, 2007
Vulnerability Reserved
May 3, 2007