WordPress Plugin Vulnerabilities

Wp-ImageZoom <= 1.0.4 - File Disclosure

Description

The Wp-ImageZoom WordPress plugin was affected by a File Disclosure security vulnerability.

Affects Plugins

Plugin icon
wp-imagezoom
Fixed in 1.0.5

References

URL
https://packetstormsecurity.com/files/#113845/
URL
https://web.archive.org/web/20120702052742/https://www.opensyscom.fr/Actualites/wordpress-plugins-wp-imagezoom-remote-file-disclosure-vulnerability.html
URL
https://plugins.trac.wordpress.org/changeset/562139/wp-imagezoom
URL
https://plugins.trac.wordpress.org/changeset/561497/wp-imagezoom

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Verified
No
WPVDB ID
7d1e89b5-2985-4959-84c7-acab41dbb906

Timeline

Publicly Published
2012-06-18 (about 13 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2026-04-08
Title
MW WP Form < 5.1.2 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys
Published
2016-05-24
Title
WP Fastest Cache <= 0.8.5.7 - Local File Inclusion (LFI)
Published
2026-04-20
Title
wpForo Forum < 3.0.6 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path
Published
2016-03-23
Title
Brandfolder <= 3.0 - File Inclusion
Published
2025-09-29
Title
All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter