Wordpress simple-image-manipulator plugin remote file download vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language. simple-image-manipulator is one of the image manipulator plugin. A remote file download vulnerability exists in Wordpress simple-image-manipulator plugin v1.0, which can be exploited by...

Remote file inclusion

Remote file download in simple-image-manipulator v1.0 wordpress plugin...

CVE-2015-1000010

Remote file download in simple-image-manipulator v1.0 wordpress plugin...

simple-image-manipulator <= 1.0 - Remote File Download

Plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining file location. $ curl...