4 matches found
WordPress Dewplayer Plugin <= 1.2 - Full Path Disclosure
This plugin is prone to a direct-request path disclosure weakness in dewplayer.php. Solution: Update the plugin...
WordPress Dewplayer Plugin - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in dewplayer-vinyl.swf xml and dewplayer-vinyl-en.swf xml parameters. Solution: Update the plugin...
CVE-2013-7240
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dewfile parameter...
Advanced Dewplayer Plugin for WordPress 'download-file.php' Script Directory Traversal Vulnerability
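Bugtraq ID: 64587 CVE ID: CVE-2013-7240 WordPress is a blogging platform developed in PHP; users can set up their own blogs on servers that support PHP and a MySQL database. The WordPress Advanced Dewplayer plugin does not properly restrict access to the wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php script, allowing attackers to exploit the vulnerability to read arbitrary files via directory traversal sequences. 0 WordPress Advanced Dewplayer Plugin 1.x No detailed solution is currently available:...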