Directory Traversal Vulnerability in JS Multi Hotel Plugin for WordPress
CVE-2014-100009

Currently unrated

Key Information:

Vendor: Wordpress
Status: Js Multi Hotel
Vendor: CVE Published:; 13 January 2015

Summary

The JS Multi Hotel plugin for WordPress, in version 2.2.1 and earlier, is susceptible to a directory traversal vulnerability that enables remote attackers to access sensitive installation paths. This weakness is exposed through several PHP files including functions.php, myCalendar.php, refreshDate.php, and more, in the plugin's includes directory. By exploiting this vulnerability, attackers could potentially gain insight into the server structure and application configuration, which may lead to further attacks. It is essential to mitigate this risk by updating to a patched version of the plugin.

References

http://packetstormsecurity.com/files/125959

x_refsource_MISC

http://websecurity.com.ua/7087/

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 13, 2015