WordPress Plugin Vulnerabilities

Category Page Icons <= 0.9.1 - Arbitrary File Upload/Deletion via Path Traversal

Description

v0.9.2 added a check to not allow direct access to the affected file. However the path traversal was not fixed

Plugin has been closed from repository.

Proof of Concept

Affects Plugins

Plugin icon
category-page-icons
No known fix

References

URL
https://www.exploit-database.net/?id=22413

Miscellaneous

Original Researcher
NULL_Pointer
Verified
No
WPVDB ID
9e57c2c6-1075-415c-88d7-1f33a08d565c

Timeline

Publicly Published
2014-09-29 (about 11 years ago)
Added
2020-03-13 (about 6 years ago)
Last Updated
2021-09-21 (about 4 years ago)

Other

Published
Title
Published
2017-11-13
Title
Formidable Forms < 2.05.03 - Multiple Vulnerabilities
Published
2016-12-14
Title
Podlove Podcast Publisher <= 2.3.15 - Multiple SQLi & XSS
Published
2014-08-01
Title
Comment Rating 2.9.23 - Multiple Vulnerabilities
Published
2019-01-10
Title
Ninja Forms < 3.3.21.3 - XSS and SQLi
Published
2015-07-11
Title
CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities