vendor:
Viva Thumbs Plugin for WordPress
by:
5.5
CVSS
MEDIUM
Information Disclosure
CWE
Product Name: Viva Thumbs Plugin for WordPress
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: WordPress
Mediatricks Viva Thumbs Plugin for WordPress Information Disclosure Vulnerabilities
The Mediatricks Viva Thumbs plugin for WordPress is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues using directory-traversal strings to confirm the existence of local files outside of the WordPress webroot. Information obtained can aid in launching further attacks.
Mitigation:
Update to the latest version of the Mediatricks Viva Thumbs plugin for WordPress.