WordPress Plugin Vulnerabilities

wp-instance-rename <= 1.0 - Arbitrary File Download

Description

The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wp-instance-rename
No known fix

References

CVE
CVE-2015-4703
URL
https://packetstormsecurity.com/files/#132460/
URL
https://www.openwall.com/lists/oss-security/2015/06/23/5

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
5.3 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3ee48860-ea39-410c-97e2-45cd5d29a119

Timeline

Publicly Published
2015-06-23 (about 10 years ago)
Added
2015-06-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-06-13
Title
Image Resizer On The Fly <= 1.1 - Unauthenticated Arbitrary File Deletion
Published
2018-12-07
Title
WP Payeezy Pay < 2.98 - Local File Inclusion
Published
2012-07-10
Title
A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion
Published
2024-07-26
Title
Grow by Tradedoubler < 2.0.22 - Unauthenticated LFI
Published
2026-03-12
Title
Energox < 1.3 - Authenticated (Subscriber+) Arbitrary File Deletion