Advanced Dewplayer
[resolved] Security vulnerability CVE-2013-7240 directory traversal (2 posts)

  1. henrisalo
    Member
    Posted 7 months ago #

    Hello,

    I discovered a security vulnerability in this plugin. Please fix it as soon as possible, thank you.

    The following URL can be used to download the WordPress configuration file without authentication:

    http://example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php

    Please use CVE-2013-7240 in the changelog when you fix this issue.

    http://wordpress.org/plugins/advanced-dewplayer/

  2. westerndeal
    Member
    Plugin Author

    Posted 7 months ago #

    Hello henrisalo,
    Thanks for letting us know.
    We have fixed this issue. It will now allow downloading .mp3 and other audio files only.
    Please download the latest version.

    Thanks
    Abdullah K
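
A server-side check for a download handler of the kind discussed in this thread, as an added example that is not the plugin's own code or its actual fix. The function name `resolve_audio_path()`, the extension list and the demo directory layout are assumptions; the example combines an extension allowlist with a `realpath()` containment check, because an allowlist alone does not confine a request to the intended directory.

```php
<?php
// Added example (hypothetical names; not taken from Advanced Dewplayer).
// Resolves a user-supplied file name against a fixed base directory and
// returns the absolute path only if it is a regular audio file inside it.

const ALLOWED_EXT = ['mp3', 'ogg', 'wav', 'm4a']; // assumed allowlist

function resolve_audio_path(string $baseDir, string $requested): ?string
{
    // Empty names and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" segments and resolves symlinks;
    // it returns false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment: the resolved path must still start with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Extension allowlist, applied to the resolved name, not the raw input.
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $full : null;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/dew_demo_' . getmypid();
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/song.mp3", 'audio');
file_put_contents("$root/uploads/notes.txt", 'text');
file_put_contents("$root/wp-config.php", 'secret');
file_put_contents("$root/outside.mp3", 'audio');

// Constructed request values, including the traversal pattern from the report.
foreach (['song.mp3', 'notes.txt', '../wp-config.php', '../outside.mp3'] as $req) {
    $path = resolve_audio_path("$root/uploads", $req);
    printf("%-20s => %s\n", $req, $path === null ? 'rejected' : 'served');
}
```

Only `song.mp3` is served; `../outside.mp3` passes the extension check but fails containment, which is why both checks are needed.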
