Description

WordPress Plugin CP Image Store with Slideshow is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin CP Image Store with Slideshow version 1.0.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.0.7 or latest

References

https://www.exploit-db.com/exploits/37559/

https://wordpress.org/plugins/cp-image-store/changelog/

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32667)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7711)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5490)

WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)

WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WordPress Cross-Site Scripting (1.2.2.28)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure