Description
dxwsecurity has reported a vulnerability in the Theme My Login plugin for WordPress, which can be exploited by malicious users to disclose potentially sensitive information.
Input passed via the "login_template" parameter is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary local files via directory traversal sequences.
The vulnerability is reported in versions prior to 6.3.10.
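
One way to close this class of bug, as an added example that is not taken from the plugin or the advisory: treat the requested template as a bare file name and confirm that the resolved path stays inside a single template directory before including it. The helper name `resolve_template`, the directory layout and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not Theme My Login's code. resolve_template() is a
// hypothetical helper; $baseDir is the only directory templates may load from.
// Returns the absolute path of the template, or null if the name is rejected.
function resolve_template(string $baseDir, string $name): ?string
{
    // 1. Syntactic allowlist: a bare file name ending in .php, so no path
    //    separators, no "..", no absolute paths, no stream wrappers.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $name)) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() resolves ".." and symlinks and
    //    returns false when the path does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment check on the resolved path. This also catches a symlink
    //    inside the template directory that points somewhere else.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary template directory holding one template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'login-form.php', '<?php // template');

// Constructed sample inputs: one valid name, then names that must be refused.
$samples = ['login-form.php', '../../outside.php', '/tmp/outside.php',
            'sub/login-form.php', 'login-form.txt', 'missing.php'];
foreach ($samples as $candidate) {
    $resolved = resolve_template($dir, $candidate);
    printf("%-22s => %s\n", $candidate, $resolved === null ? 'rejected' : 'allowed');
}

unlink($dir . DIRECTORY_SEPARATOR . 'login-form.php');
rmdir($dir);
```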
Vulnerable Products
Vulnerable Software: WordPress Theme My Login Plugin 6.x
Solution
Update to version 6.3.10.
CVE
References
Theme My Login:
http://wordpress.org/plugins/theme-my-login/changelog/
dxwsecurity:
https://security.dxw.com/advisories/lfi-in-theme-my-login/
Vulnerability Manager Detection
No
IPS Protection