CVE-2014-2674

Name of the Vulnerable Software and Affected Versions Ajax Pagination (twitter Style) plugin version 1.1 for WordPress

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the loop parameter in an ajax navigation action to the "wp-admin/admin-ajax.php" endpoint.

Recommendations For Ajax Pagination (twitter Style) plugin version 1.1, consider disabling the ajax navigation action to wp-admin/admin-ajax.php until a patch is available. Avoid using the loop parameter in the affected endpoint until the issue is resolved.