Lucene search

Apple502jPATCHSTACK:A3D89D7E20AED5AF084ED706224E8C33

HistoryJun 23, 2021 - 12:00 a.m.

WordPress WP Image Zoom plugin <= 1.46 - Local File Inclusion (LFI) vulnerability

2021-06-2300:00:00

apple502j

patchstack.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Local File Inclusion vulnerability discovered by apple502j in WordPress WP Image Zoom plugin (versions <= 1.46).

Solution

           Update the WordPress WP Image Zoom plugin to the latest available version (at least 1.47.1).

CPENameOperatorVersion
wp image zoomle1.46

CPE	Name	Operator	Version
	wp image zoom	le	1.46

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24447

wordpress.org/plugins/wp-image-zoooom/#developers

wpscan.com/vulnerability/fb9dbcdf-4ffd-484d-9b67-283683d050fd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for PATCHSTACK:A3D89D7E20AED5AF084ED706224E8C33