CVE-2015-10105

Name of the Vulnerable Software and Affected Versions IP Blacklist Cloud Plugin versions up to 3.42

Description A critical vulnerability was found in the IP Blacklist Cloud Plugin on WordPress, affecting the valid js identifier function of the ip blacklist cloud.php file in the CSV File Import component. The manipulation of the filename argument leads to path traversal, and it is possible to initiate the attack remotely.

Recommendations For IP Blacklist Cloud Plugin versions up to 3.42, upgrade to version 3.43 to address this issue. As a temporary workaround, consider restricting access to the ip blacklist cloud.php file or disabling the valid js identifier function until the upgrade is applied.