WordPress Plugin Vulnerabilities

DM Albums - Multiple Remote File Disclosure

Description

The dm-albums WordPress plugin was affected by a Multiple Remote File Disclosure security vulnerability.

Affects Plugins

Plugin icon
dm-albums
No known fix

References

CVE
CVE-2009-2396
Exploitdb
9048
Exploitdb
9043

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Verified
No
WPVDB ID
e2566a74-9c60-46bb-9843-9480c82a703f

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2024-06-28
Title
Newspack Blocks < 3.0.9 - Authenticated (Contributor+) Arbitrary Directory Deletion
Published
2025-02-21
Title
MyTicket Events <= 1.2.4 - Unauthenticated Limited File Read
Published
2026-04-20
Title
Everest Forms < 3.4.5 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter
Published
2025-07-01
Title
Home Villas | Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2025-02-02
Title
Sports Rankings and Lists <= 1.0.2 - Unauthenticated Arbitrary File Download