Remote File Inclusion Vulnerability in WP eCommerce Shop Styling Plugin by WordPress
CVE-2013-0724

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-ecommerce-shop-styling
Vendor: CVE Published:; 27 May 2014

Summary

The WP eCommerce Shop Styling plugin for WordPress contains a PHP remote file inclusion vulnerability located in 'includes/generate-pdf.php'. This flaw allows malicious users to execute arbitrary PHP code by manipulating the 'dompdf' parameter, potentially leading to unauthorized access and control over affected systems. It is crucial for website administrators to upgrade to version 1.8 or higher to mitigate this risk and safeguard their platforms against exploitation and data breaches.

References

http://www.securityfocus.com/bid/57768

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/81931

vdb-entryx_refsource_XF

http://wordpress.org/plugins/wp-ecommerce-shop-styling/ch...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 27, 2014
Vulnerability Reserved
Jan 2, 2013