PHP Remote File Inclusion Vulnerability in FireStats Plugin for WordPress
CVE-2009-2143
Currently unrated
Summary
The FireStats plugin for WordPress contains a PHP remote file inclusion vulnerability in the firestats-wordpress.php file. By manipulating the fs_javascript parameter, an attacker can inject and execute arbitrary PHP code. Versions prior to 1.6.2-stable are affected, and successful exploitation could lead to a significant security breach.