PT-2014-2417 · WordPress · Vitamin Plugin
Seo Peter
·
Published
2014-07-31
·
Updated
2014-08-01
·
CVE-2012-6651
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Vitamin plugin for WordPress versions prior to 1.1.0
Description
The issue allows remote attackers to access arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the path parameter to specific API endpoints, such as "add headers.php" or "minify.php".
Recommendations
For Vitamin plugin for WordPress versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vitamin Plugin