WordPress Plugin Vulnerabilities

Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal

Description

The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability.

Affects Plugins

Plugin icon
health-check
Fixed in 1.2.4

References

URL
https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
URL
https://plugins.trac.wordpress.org/changeset/2011772/health-check

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher
Julien Legras
Submitter
Julien Legras
Submitter website
https://www.synacktiv.com/
Verified
No
WPVDB ID
5eecc4a7-0b44-495d-9352-78dccebfc72a

Timeline

Publicly Published
2019-01-25 (about 6 years ago)
Added
2019-01-28 (about 6 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-06-24
Title
WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block
Published
2023-11-06
Title
Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing
Published
2021-07-29
Title
WordPress Download Manager < 3.1.25 - Authenticated Directory Traversal
Published
2014-08-01
Title
Advanced Dewplayer <= 1.2 - download-file.php dew_file Parameter Traversal Arbitrary File Access
Published
2023-12-01
Title
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion