Description

WordPress Plugin Page Flip Image Gallery is prone to a remote file disclosure vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Page Flip Image Gallery versions 0.2.2 and below are vulnerable.

Remediation

Update to the latest version

References

http://www.exploit-db.com/exploits/7543/

http://packetstormsecurity.com/files/view/73347/wppageflip-disclose.txt

http://secunia.com/advisories/33274/

Related Vulnerabilities

Drupal Data Processing Errors Vulnerability (CVE-2017-6920)

WordPress 4.4.x Prototype Pollution (4.4 - 4.4.26)

MySQL CVE-2021-35624 Vulnerability (CVE-2021-35624)

Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-3327)

Severity

High

Classification

CVE-2008-5752 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure