WordPress Plugin DukaPress 2.5.2 - Directory Traversal

A directory traversal vulnerability in the dpimgresize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the src parameter to lib/dpimage.php. id: CVE-2014-8799 info: name: WordPress Plugin...