CVE-2015-7669

Name of the Vulnerable Software and Affected Versions Easy2Map plugin versions prior to 1.3.0

Description The issue concerns directory traversal vulnerabilities in the Easy2Map plugin for WordPress. Specifically, the vulnerabilities are located in the includes/MapImportCSV2.php and includes/MapImportCSV.php files. These vulnerabilities allow remote attackers to include and execute arbitrary files via the csvfile parameter, which is related to the "upload file functionality."

Recommendations For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the includes/MapImportCSV2.php and includes/MapImportCSV.php files to minimize the risk of exploitation. Avoid using the csvfile parameter in the affected functionality until the issue is resolved.