Directory Traversal Vulnerability in WordPress Plugin wp-Table by WordPress
CVE-2007-2483

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP-table
Vendor
CVE Published:
3 May 2007

What is CVE-2007-2483?

A directory traversal vulnerability exists in the wp-Table plugin for WordPress, specifically in the js/wptable-button.php file. This vulnerability can be exploited when the PHP register_globals feature is enabled, allowing remote attackers to manipulate the wpPATH parameter. By exploiting this vulnerability, attackers can potentially include and execute arbitrary local files on the server, posing serious security risks to affected WordPress installations.

References

https://www.exploit-db.com/exploits/3824
exploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/25063
third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/37297
vdb-entryx_refsource_OSVDB

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.