WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability
Release Date: 2012-10-12
Criticality level: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: WordPress eShop Magic Plugin 0.x
A vulnerability has been discovered in the eShop Magic plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "file" GET parameter in wp-content/plugins/eshop-magic/download.php is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
The vulnerability is confirmed in version 0.1.
Update to version 0.2.
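The verification the description says was missing on the "file" parameter can be done by canonicalizing the requested path and confirming it stays inside the download directory. The following is an added example, not the plugin's code or the vendor's 0.2 patch; the function name `resolve_download()` and the directory layout are hypothetical.

```php
<?php
// Added example: resolve_download() and the directory layout are hypothetical,
// not taken from the eShop Magic plugin or its 0.2 patch.

/**
 * Map a user-supplied "file" value to a path inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Refuse empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false for
    // paths that do not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator keeps
    // a sibling such as "downloads-old" from matching the "downloads" prefix.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed directory tree for a self-contained run.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/downloads', 0700, true);
file_put_contents($root . '/downloads/manual.pdf', 'constructed sample');
file_put_contents($root . '/outside.txt', 'not a download');

foreach (['manual.pdf', '../outside.txt', 'missing.pdf'] as $name) {
    $path = resolve_download($root . '/downloads', $name);
    printf("%-16s %s\n", $name, $path === null ? 'refused' : 'served');
}

// Remove the constructed files again.
unlink($root . '/downloads/manual.pdf');
unlink($root . '/outside.txt');
rmdir($root . '/downloads');
rmdir($root);
```

A download handler would call such a check before passing the path to `readfile()` and answer with an error status when it returns null.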
Provided and/or discovered by:
Reported by the vendor.