Directory Traversal Vulnerabilities in Easy2Map Plugin for WordPress
CVE-2015-7669

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
Easy2map
Vendor
CVE Published:
27 December 2017

Summary

The Easy2Map plugin for WordPress prior to version 1.3.0 contains multiple directory traversal vulnerabilities in the files includes/MapImportCSV2.php and includes/MapImportCSV.php. These vulnerabilities allow remote attackers to exploit the csvfile parameter, gaining the capability to include and execute arbitrary files. This poses a significant risk to the security of WordPress sites leveraging this plugin, emphasizing the importance of keeping plugins updated to mitigate potential attacks.

References

http://www.securityfocus.com/archive/1/536597/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://wordpress.org/plugins/easy2map/#developers
x_refsource_CONFIRM
https://wpvulndb.com/vulnerabilities/8206
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.