Directory Traversal Vulnerability in Google Doc Embedder Plugin for WordPress
CVE-2012-4915

Currently unrated

Key Information:

Vendor: Wordpress
Status: Google Doc Embedder
Vendor: CVE Published:; 29 May 2014

Summary

The Google Doc Embedder plugin for WordPress is susceptible to a directory traversal vulnerability that allows remote attackers to access arbitrary files on the server. This security flaw is exploited by manipulating the 'file' parameter in the 'libs/pdf.php' file, allowing unauthorized reading of potentially sensitive information. Users of versions prior to 2.5.4 are at risk and should update their plugins promptly to mitigate this risk.

References

http://www.securityfocus.com/bid/57133

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/80930

vdb-entryx_refsource_XF

http://osvdb.org/88891

vdb-entryx_refsource_OSVDB

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 29, 2014
Vulnerability Reserved
Sep 14, 2012