PT-2018-15398 · WordPress · Jsmol2Wp

Published: 2018-12-25 · Updated: 2019-01-09 · CVE-2018-20463

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JSmol2WP plugin version 1.07

Description: An issue in the JSmol2WP plugin allows arbitrary file read via directory traversal. It is exploited through the query parameter in the jsmol.php query string, using ../ directory traversal in php://filter/resource=. The issue can also be used for Server-Side Request Forgery (SSRF).

Recommendations: For JSmol2WP plugin version 1.07, consider restricting access to the jsmol.php file until a patch is available. As a temporary workaround, avoid using the query parameter in the jsmol.php query string to minimize the risk of exploitation.
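
A log check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code. The function names, the placeholder request paths and the sample access-log lines are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers named in the advisory: a stream wrapper or URL scheme (file read, SSRF)
# and ../ (or ..\) traversal sequences.
SUSPICIOUS_RE = re.compile(r'(?i)([a-z][a-z0-9+.-]*://|\.\.[/\\])')


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_jsmol_requests(log_lines):
    """Return (line_number, decoded query value) for suspicious jsmol.php hits."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/jsmol.php"):
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            value = decode_fully(value)
            if name.lower() == "query" and SUSPICIOUS_RE.search(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2019:10:00:01 +0000] "GET /PLACEHOLDER/jsmol.php?query=php://filter/resource=../../EXAMPLE.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [10/Jan/2019:10:00:05 +0000] "GET /PLACEHOLDER/jsmol.php?query=caffeine HTTP/1.1" 200 204 "-" "-"',
    '203.0.113.7 - - [10/Jan/2019:10:00:09 +0000] "GET /PLACEHOLDER/jsmol.php?query=%252e%252e%252fEXAMPLE HTTP/1.1" 200 98 "-" "-"',
    '198.51.100.4 - - [10/Jan/2019:10:00:12 +0000] "GET /index.php?query=../x HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in flag_jsmol_requests(SAMPLE_LOG):
        print(hit)
```

The check only sees parameters that appear in the logged request line, so requests whose parameters travel in a POST body need body logging or a WAF rule instead.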

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers: CVE-2018-20463

Affected products: Jsmol2Wp