WordPress Plugin Vulnerabilities

EZ SQL Reports < 4.11.37 - Authenticated Arbitrary File Download

Description

The plugin allows a WordPress site administrator or collaborator to download arbitrary files from the host file system though the plugin functionality of downloading .sql, .sql.zip or .sql.gz files created by the WordPress administrator.

The file name to download is not sanitized and path traversal can be
injected in the request.

Proof of Concept

Affects Plugins

Plugin icon
elisqlreports
Fixed in 4.11.37

References

Exploitdb
38176

Miscellaneous

Submitter
Felipe Molina
Submitter twitter
felmoltor
Verified
No
WPVDB ID
1764f905-f6d1-422b-b68f-749940e3796e

Timeline

Publicly Published
2015-09-14 (about 10 years ago)
Added
2015-09-15 (about 10 years ago)
Last Updated
2019-10-29 (about 6 years ago)

Other

Published
Title
Published
2020-10-09
Title
Autoptimize < 2.7.8 - Arbitrary File Upload via "Import Settings"
Published
2024-10-28
Title
AR For Woocommerce < 7.0 - Unauthenticated Arbitrary File Upload
Published
2022-02-14
Title
WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG
Published
2020-07-16
Title
JetBackup < 1.4.0 - Arbitrary File Upload via CSRF
Published
2024-04-22
Title
WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Arbitrary File Upload