WordPress Plugin Vulnerabilities

MDC YouTube Downloader <= 2.1.0 - Local File Inclusion

Description

The MDC YouTube Downloader WordPress plugin was affected by a Local File Inclusion security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
mdc-youtube-downloader
Fixed in 2.1.1

References

CVE
CVE-2015-5469
URL
https://packetstormsecurity.com/files/#132595/
URL
https://twitter.com/_larry0/status/616420692448284672
URL
https://plugins.trac.wordpress.org/changeset/1191915/mdc-youtube-downloader

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7d90ffd4-a500-4ba0-92c2-78f8d41ff20c

Timeline

Publicly Published
2015-07-02 (about 10 years ago)
Added
2015-07-05 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-09-26
Title
Event Manager, Events Calendar, Tickets, Registrations – Eventin < 4.0.9 - Authenticated (Contributor+) Local File Inclusion
Published
2025-03-25
Title
Jobs for WordPress < 2.7.12 - Authenticated (Subscriber+) Arbitrary File Read
Published
2024-10-14
Title
Ahime Image Printer <= 1.0.0 - Unauthenticated Arbitrary File Download
Published
2025-06-19
Title
HUSKY < 1.3.7.1 - Contributor+ Local File Inclusion
Published
2014-12-29
Title
Sell Downloads 1.0.1 - Arbitrary File Disclosure