CVE-2015-4617

Name of the Vulnerable Software and Affected Versions Easy2map-photos WordPress Plugin version 1.09

Description The issue allows path traversal when specifying file names, enabling the creation of files outside of the upload directory. This is due to a vulnerability in the MapPinImageUpload.php and MapPinIconSave.php files.

Recommendations For Easy2map-photos WordPress Plugin version 1.09, consider restricting access to the MapPinImageUpload.php and MapPinIconSave.php files until a patch is available. As a temporary workaround, avoid using the plugin's file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.