Directory Traversal Vulnerability in Media from FTP Plugin for WordPress
CVE-2018-5310

6.5MEDIUM

Key Information:

Vendor
Wordpress
Status
Media From Ftp
Vendor
CVE Published:
9 January 2018

Summary

The Media from FTP plugin for WordPress is susceptible to a directory traversal vulnerability that can be exploited through the 'searchdir' parameter in the URI wp-admin/admin.php?page=mediafromftp-search-register. This flaw allows an attacker to potentially access sensitive files on the server, posing a significant risk to website security. It is essential for users to upgrade to the latest version of the plugin to mitigate this vulnerability.

References

https://wordpress.org/plugins/media-from-ftp/#developers
x_refsource_MISC
https://wordpress.org/support/topic/any-directory-travers...
x_refsource_MISC
https://github.com/d4wner/Vulnerabilities-Report/blob/mas...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.