Local File Inclusion Vulnerability in Nevma Adaptive Images Plugin for WordPress
CVE-2019-14205

7.5HIGH

Key Information:

Vendor
Wordpress
Status
Adaptive Images
Vendor
CVE Published:
21 July 2019

Summary

A vulnerability exists in the Nevma Adaptive Images plugin for WordPress that enables remote attackers to exploit Local File Inclusion (LFI). By manipulating the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php, attackers can gain unauthorized access to arbitrary files on the server, posing a significant risk to the security of the affected website. This vulnerability underscores the importance of securing WordPress plugins to prevent potential data breaches.

References

https://markgruffer.github.io/2019/07/19/adaptive-images-...
x_refsource_MISC
https://wordpress.org/plugins/adaptive-images/#developers
x_refsource_MISC
https://github.com/markgruffer/markgruffer.github.io/blob...
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.