WordPress Plugin Vulnerabilities

Multi Plugin Installer < 1.2.0 - Unauthenticated File Traversal

Description

The multi-plugin-installer WordPress plugin was affected by an Unauthenticated File Traversal security vulnerability.

Affects Plugins

Plugin icon
multi-plugin-installer
Fixed in 1.2.0

References

URL
http://cinu.pl/research/wp-plugins/mail_2461e0b03bcce05cd091af609ce568b9.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d0719bd4-0ed6-4a6b-aabe-dd36a732bcde

Timeline

Publicly Published
2015-08-24 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-06-26
Title
Frontend Admin by DynamiApps < 3.28.8 - Authenticated (Editor+) Arbitrary File Deletion
Published
2025-01-06
Title
MIPL WC Multisite Sync < 1.1.6 - Unauthenticated Arbitrary File Download
Published
2024-06-06
Title
Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Local File Inclusion
Published
2025-12-11
Title
WP Job Portal < 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read
Published
2024-09-23
Title
WooEvents < 4.1.3 - Unauthenticated Arbitrary File Overwrite