WordPress Video Embed & Thumbnail Generator Plugin Path Disclosure Vulnerability
BID:52652
Info
WordPress Video Embed & Thumbnail Generator Plugin Path Disclosure Vulnerability
| Bugtraq ID: | 52652 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2012-1786 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2012 12:00AM |
| Updated: | Mar 21 2012 12:00AM |
| Credit: | kylegilman |
| Vulnerable: |
WordPress Video Embed & Thumbnail Generator 1.1 |
| Not Vulnerable: |
WordPress Video Embed & Thumbnail Generator 2.0 |
Discussion
WordPress Video Embed & Thumbnail Generator Plugin Path Disclosure Vulnerability
Video Embed & Thumbnail Generator plugin for WordPress is prone to a path-disclosure issue when invalid data is submitted.
Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
Versions prior to Video Embed & Thumbnail Generator 2.0 are vulnerable.
Video Embed & Thumbnail Generator plugin for WordPress is prone to a path-disclosure issue when invalid data is submitted.
Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.
Versions prior to Video Embed & Thumbnail Generator 2.0 are vulnerable.
Exploit / POC
WordPress Video Embed & Thumbnail Generator Plugin Path Disclosure Vulnerability
An attacker can exploit the issue using a browser.
An attacker can exploit the issue using a browser.
Solution / Fix
WordPress Video Embed & Thumbnail Generator Plugin Path Disclosure Vulnerability
Solution:
Vendor fixes are available. Please see the references for details.
Solution:
Vendor fixes are available. Please see the references for details.
References
WordPress Video Embed & Thumbnail Generator Plugin Path Disclosure Vulnerability
References:
References:
- Video Embed & Thumbnail Generator Homepage (WordPress)
- Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability (Sammy Forgit)