Vulnerability CVE-2015-7683


Published: 2015-10-16   Modified: 2015-10-23

Description:
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.

See advisories in our WLB2 database:
Topic
Author
Date
High
WordPress Font 7.5 Path Traversal
David Moore
13.10.2015

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Font project -> FONT 

 References:
http://packetstormsecurity.com/files/133930/WordPress-Font-7.5-Path-Traversal.html
http://www.securityfocus.com/archive/1/536670/100/0/threaded
https://wordpress.org/plugins/font/changelog/
https://wpvulndb.com/vulnerabilities/8214

Copyright 2024, cxsecurity.com

 

Back to Top