WordPress Firestats Plugin <= 1.6.5 - Remote Configuration File Download

firestats

Software: FireStats
Versions: <= 1.6.5
Disclosure date: 2010-07-09
CVE: CVE-N/A
References:
Credits:
Classification: Arbitrary File Download
OWASP Top 10:


Details

The FireStats plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may compromise the application, and other attacks are possible.

Solution

Update the plugin.
