WordPress.org

Support

Support » Plugins and Hacks » [Resolved] [Plugin: Relocate Upload] Possible 'abspath' vulnerability on version 0.14

[Resolved] [Plugin: Relocate Upload] Possible 'abspath' vulnerability on version 0.14

  • José Luís

    @jlcarneiro

    According to WebsiteDefender, version 0.14 has an abspath vulnerability:
    ——-
    The WordPress plugin relocate-upload from your WordPress installation in / is known to be affected by a security vulnerability.

    Vulnerability details
    Title: WordPress Relocate Upload Plugin ‘abspath’ Parameter Remote File Include Vulnerability
    Version: 0.14
    Description: WordPress Relocate Upload plugin is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. Relocate Upload plugin version 0.14 is vulnerable; prior versions may also be affected.
    Solution: Update the WordPress plugin to the latest version or contact the vendor for more information about a fix.
    ——-

    Could you please verify it?

    http://wordpress.org/extend/plugins/relocate-upload/

Viewing 9 replies - 1 through 9 (of 9 total)
Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Resolved] [Plugin: Relocate Upload] Possible 'abspath' vulnerability on version 0.14’ is closed to new replies.