WP Online Store

Name: WP Online Store
Type: File inclusion
Exploit version: 1.3.1
Release Date: 14-04-2013
Status: A new version of WP Online Store has been released ¹

Description:
1) Input passed to the "turl" and "file" parameters in index.php (when "force" is set to "downloadnow" and "page_id" is set to the WP Online Store page) is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.

2) Input passed to the "slug" parameter in index.php (when "page_id" is set to the WP Online Store page) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.

NOTE: This plugin shows as not updated, but it has been updated; the author did not update the versioning on wordpress.org or provide a changelog.
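
An added example (not part of the original advisory or the plugin's code): a Python check that flags web access-log requests matching the two parameter patterns described above. The log lines, the `page_id` value and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# ".." as a whole path segment, with either slash style.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_traversal(value, rounds=3):
    """Decode repeatedly so double-encoded input (%252e%252e%252f) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return bool(TRAVERSAL.search(value))

def classify(target):
    """Return 1 or 2 for the advisory item a request target matches, else None."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] not in ("", "index.php"):
        return None
    q = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    if "page_id" not in q:
        return None
    if "downloadnow" in q.get("force", []) and any(
            has_traversal(v) for k in ("turl", "file") for v in q.get(k, [])):
        return 1
    if any(has_traversal(v) for v in q.get("slug", [])):
        return 2
    return None

def scan(lines):
    """Yield (line_number, advisory_item) for each suspicious access-log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        item = classify(m.group(1)) if m else None
        if item:
            yield n, item

# Constructed sample lines (not from the advisory); page_id=5 is an assumed value.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Apr/2013:10:00:01 +0000] "GET /?page_id=5&slug=products HTTP/1.1" 200 5120',
    '203.0.113.7 - - [14/Apr/2013:10:00:02 +0000] "GET /index.php?page_id=5&force=downloadnow&file=..%2f..%2fexample.txt HTTP/1.1" 200 3100',
    '203.0.113.7 - - [14/Apr/2013:10:00:03 +0000] "GET /index.php?page_id=5&slug=%252e%252e%252f%252e%252e%252freadme HTTP/1.1" 200 900',
    '203.0.113.7 - - [14/Apr/2013:10:00:04 +0000] "GET /index.php?page_id=5&force=downloadnow&file=manual..v2.pdf HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for n, item in scan(SAMPLE_LOG):
        print(f"line {n}: matches advisory item {item}")
```

A match only shows that a request had the shape described in the advisory; whether a file was actually disclosed or included depends on the installed plugin version.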



Plugin Information

  1. Downloaded: 94730 Times
  2. Current Version: 1.3.2
  3. Tested up to: 3.4.2

Security Information

  1. Secunia ID: 50836
  2. Credit: Charlie Eriksen
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin authors to fill in versioning info on the wordpress.org repository.