WordPress Plugin Vulnerabilities

Media from FTP <= 9.84 - Authenticated Directory Traversal

Description

The Media from FTP WordPress plugin was affected by an Authenticated Directory Traversal security vulnerability.

Affects Plugins

Plugin icon
media-from-ftp
Fixed in 9.85

References

CVE
CVE-2018-5310
URL
https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md
URL
https://plugins.trac.wordpress.org/changeset/1799375/media-from-ftp

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
cff2cd9d-a938-48a1-b16c-6243e8475b31

Timeline

Publicly Published
2018-01-08 (about 8 years ago)
Added
2018-01-09 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-03
Title
include-file <= 1 - Authenticated (Contributor+) Arbitrary File Download
Published
2019-01-16
Title
Shortcode Factory < 2.8 - Local File Inclusion
Published
2024-04-05
Title
Media Library Folders < 8.1.9 - Authenticated (Author+) Directory Traversal
Published
2014-08-01
Title
jQuery Mega Menu 1.0 - Local File Inclusion
Published
2022-05-17
Title
Popup Box < 2.2 - Admin+ LFI