WordPress Plugin Vulnerabilities

Myflash - myextractXML.php path Parameter Arbitrary File Access

Description

The myflash WordPress plugin was affected by a myextractXML.php path Parameter Arbitrary File Access security vulnerability.

Affects Plugins

Plugin icon
myflash
No known fix

References

URL
https://packetstormsecurity.com/files/#118400/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Verified
No
WPVDB ID
0447f906-7134-4a81-8da7-6a522b2dd99d

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2015-02-11
Title
WordPress Slider Revolution - Local File Disclosure
Published
2025-04-09
Title
Oxygen MyData for WooCommerce < 1.0.65 - Unauthenticated Arbitrary File Deletion
Published
2018-12-07
Title
WP Payeezy Pay < 2.98 - Local File Inclusion
Published
2014-08-01
Title
PictPress <= 0.91 - Remote File Disclosure
Published
2025-12-12
Title
PDF Generator Addon for Elementor Page Builder < 2.0.1 - Unauthenticated Path Traversal