WordPress.org

Forums

Advanced Dewplayer
[resolved] Security vulnerability CVE-2013-7240 directory traversal (2 posts)

  1. henrisalo
    Member
    Posted 1 year ago #

    Hello,

    I discovered a security vulnerability in this plugin. Please fix it as soon as possible, thank you.

    The following URL can be used to download the WordPress configuration file without authentication:

    http://example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php

    Please use CVE-2013-7240 in the changelog when you fix this issue.

    http://wordpress.org/plugins/advanced-dewplayer/

  2. westerndeal
    Member
    Plugin Author

    Posted 1 year ago #

    Hello henrisalo,
    Thanks for letting us know.
    We have fixed this issue. Now it will allow downloading .mp3 and other audio files only.
    Please download the latest version.

    Thanks
    Abdullah K

Topic Closed

This topic has been closed to new replies.
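
The thread reports a `dew_file` parameter that accepts `../` sequences, and the reply describes limiting downloads to audio files. As an added example (not the plugin's code and not the author's actual fix), this is one way a download handler can combine that extension allowlist with a canonical-path containment check; `resolve_audio_download()`, the extension list and the `uploads` directory are hypothetical, and the files are constructed in a temporary sandbox.

```php
<?php
// Added illustration, not the plugin's code. resolve_audio_download(), the
// extension list and the uploads directory are hypothetical.
const ALLOWED_AUDIO_EXT = ['mp3', 'ogg', 'wav', 'm4a'];

/** Return the canonical path to serve, or null if the request is refused. */
function resolve_audio_download(string $baseDir, string $requested): ?string
{
    // NUL bytes have no place in a file name; refuse before touching the FS.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // realpath() collapses "../" and resolves symlinks; false if nothing there.
    $real = realpath($prefix . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment: the resolved path must still sit under the base directory.
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allowlist on the resolved file's extension, not on the raw parameter.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_AUDIO_EXT, true) ? $real : null;
}

// Constructed sandbox: a stand-in config file and two audio files.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dew_demo_' . getmypid();
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/wp-config.php', "<?php // constructed placeholder\n");
file_put_contents($root . '/outside.mp3', 'constructed');
file_put_contents($root . '/uploads/song.mp3', 'constructed');

$requests = ['song.mp3', '../wp-config.php', '../outside.mp3', 'missing.mp3'];
foreach ($requests as $name) {
    $path = resolve_audio_download($root . '/uploads', $name);
    printf("%-20s %s\n", $name, $path === null ? 'refused' : 'served');
}
```

The `../outside.mp3` request has an allowed extension and is still refused, which is why the containment check is applied in addition to the extension allowlist.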
