Information Disclosure Vulnerability in EasyCart Plugin for WordPress
CVE-2014-4942

Currently unrated

Key Information:

Vendor
Wordpress
Status
WP-easycart
Vendor
CVE Published:
11 July 2014

Summary

The EasyCart plugin for WordPress, specifically versions prior to 2.0.6, contains a vulnerability that permits remote attackers to access sensitive configuration details through direct requests to 'inc/admin/phpinfo.php'. This PHP script leverages the phpinfo function, disclosing internal data that could be exploited for malicious purposes. It is crucial for users to update to newer versions to mitigate the risk associated with this flaw.

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...
x_refsource_CONFIRM
http://codevigilant.com/disclosure/wp-plugin-wp-easycart-...
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.