WordPress Plugin Vulnerabilities

WP Hide & Security Enhancer < 1.4 - Arbitrary File Download

Description

The WP Hide & Security Enhancer WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Affects Plugins

Plugin icon
wp-hide-security-enhancer
Fixed in 1.4

References

URL
https://secupress.me/blog/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e2c0ed4e-653b-4fe6-bedc-e00d6b127e57

Timeline

Publicly Published
2017-07-21 (about 8 years ago)
Added
2017-07-21 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2015-07-10
Title
CP Image Store with Slideshow <= 1.0.5 - Arbitrary File Download
Published
2025-03-10
Title
HUSKY < 1.3.6.6 - Unauthenticated Local File Inclusion
Published
2015-05-19
Title
Simple Backup <= 2.7.10 - Arbitrary File Download
Published
2025-08-12
Title
Multiple elFinder Plugins - Arbitrary File Deletion via Traversal
Published
2025-02-14
Title
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP < 6.2.1 - Unauthenticated Arbitrary File Deletion