WordPress Plugin Vulnerabilities

CP Image Store with Slideshow <= 1.0.5 - Arbitrary File Download

Description

The CP Image Store with Slideshow WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Affects Plugins

Plugin icon
cp-image-store
Fixed in 1.0.6

References

Exploitdb
37559
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_cp_image_storage_file_read.rb

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3b71ab94-0435-496e-992d-597f54d03311

Timeline

Publicly Published
2015-07-10 (about 10 years ago)
Added
2015-07-13 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2023-11-20
Title
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion
Published
2025-07-31
Title
BuddyPress XProfile Custom Image Field < 3.1.0 - Unauthenticated Arbitrary File Deletion
Published
2017-06-22
Title
WP Rocket <= 2.10.3 - Local File Inclusion (LFI)
Published
2025-09-25
Title
Backuply < 1.4.9 - Admin+ Arbitrary File Deletion
Published
2025-07-14
Title
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. < 2.2.2 - Directory Traversal to Arbitrary File Move