WordPress Plugin Vulnerabilities

Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure

Description

The portable-phpmyadmin WordPress plugin was affected by a /pma/phpinfo.php Direct Request System Information Disclosure security vulnerability.

Affects Plugins

Plugin icon
portable-phpmyadmin
No known fix

References

CVE
CVE-2013-4454
URL
https://seclists.org/oss-sec/2013/q4/138

Classification

Type
FPD
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-209
CVSS
9.1 (critical)

Miscellaneous

Verified
No
WPVDB ID
023b7ecf-766c-4b0c-885c-deb99b3456c0

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Imperial Fairytale - Multiple Script Direct Request Path Disclosure
Published
2014-08-01
Title
WP Photo Album Plus - Full Path Disclosure
Published
2014-08-01
Title
onepagewebsite - Full Path Disclosure
Published
2019-10-16
Title
Fast Velocity Minify < 2.7.7 - Full Path Disclosure
Published
2014-08-01
Title
Jigoshop 1.8 - Multiple Script Direct Request Path Disclosure