WordPress Plugin Vulnerabilities

JM Twitter Cards <= 6.1 - Full Path Disclosure (FPD)

Description

The JM Twitter Cards WordPress plugin was affected by a Full Path Disclosure (FPD) security vulnerability.

Affects Plugins

Plugin icon
jm-twitter-cards
Fixed in 6.2

References

URL
https://advisories.dxw.com/advisories/full-path-disclosure-vulnerability-in-jm-twitter-cards-reveals-the-location-of-the-wordpress-installation-on-the-server/
URL
https://github.com/TweetPressFr/jm-twitter-cards/issues/53

Classification

Type
FPD
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-209

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4f854ca4-2913-4539-88cc-633cd4465a4a

Timeline

Publicly Published
2015-10-12 (about 10 years ago)
Added
2015-10-12 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
Dewplayer <= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness
Published
2014-08-01
Title
JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure
Published
2014-08-01
Title
Imperial Fairytale - Multiple Script Direct Request Path Disclosure
Published
2012-12-06
Title
Simple Gmail Login < 1.1.4 - FPD
Published
2014-08-01
Title
Studio Zen - Multiple Script Direct Request Path Disclosure