Type: File inclusion
Status: A new version of WP Online Store has been released
1) Input passed to the "turl" and "file" parameters in index.php (when "force" is set to "downloadnow" and "page_id" is set to the WP Online Store page) is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
2) Input passed to the "slug" parameter in index.php (when "page_id" is set to the WP Online Store page) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.
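One way to perform the verification that both issues lack, shown as an added PHP example that is not the plugin's own code: a canonical-path containment check for the file download case and an allowlist lookup for the include case. The function names `resolve_inside` and `resolve_slug`, the directory layout and the page map are hypothetical.

```php
<?php
// Added example: helper names, directories and the page map are hypothetical.

// Resolve a user-supplied file name to a canonical path inside $baseDir, or null.
// realpath() collapses "../" and symlinks, so containment is checked on the
// canonical path, never on the raw request value.
function resolve_inside(string $baseDir, string $userInput): ?string
{
    // NUL bytes are never valid in a file name; reject before any filesystem call.
    if ($userInput === '' || strpos($userInput, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userInput);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Trailing separator keeps a sibling such as "downloads-old" from matching.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Map a slug to an include path through a fixed allowlist, so the request
// never supplies any part of the path handed to include.
function resolve_slug(string $slug, array $allowedPages): ?string
{
    return $allowedPages[$slug] ?? null;
}

// Constructed demo data: a throwaway tree with one public and one private file.
$root = sys_get_temp_dir() . '/store_demo_' . bin2hex(random_bytes(4));
mkdir("$root/downloads", 0700, true);
file_put_contents("$root/downloads/manual.pdf", 'sample');
file_put_contents("$root/secret.txt", 'not for download');
$pages = ['cart' => "$root/pages/cart.php", 'checkout' => "$root/pages/checkout.php"];

var_dump(resolve_inside("$root/downloads", 'manual.pdf'));    // plain file name
var_dump(resolve_inside("$root/downloads", '../secret.txt')); // traversal sequence
var_dump(resolve_slug('cart', $pages));                       // known slug
var_dump(resolve_slug('../../secret', $pages));               // unknown slug

// Remove the demo tree.
unlink("$root/downloads/manual.pdf"); unlink("$root/secret.txt");
rmdir("$root/downloads"); rmdir($root);
```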
NOTE: This plugin is shown as not updated, but it has been updated; the author did not update the versioning on wordpress.org or provide a changelog.
- Secunia ID: 50836
- Credit: Charlie Eriksen
- ¹ Status info requires plugin authors to fill in versioning info on the wordpress.org repository