WordPress Spellchecker Plugin 3.1 - Local and Remote File Include Vulnerabilities

Software: Spell Checker
Versions: <= 3.1
Disclosure date: 2011-04-12
CVE: CVE-N/A
Classification: Multiple Vulnerabilities

Details

The Spellchecker plugin's "general.php" parameter is prone to remote file include and local file include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues allow an attacker to execute arbitrary local and remote scripts in the context of the web server process. Other attacks are also possible.
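
A defender-side check for the issue described above, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to a script named general.php whose query values carry a URL scheme or path traversal. The log lines, the PLUGIN path segment and the parameter names are constructed placeholders, since the advisory does not name the affected parameter or the install path.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: any request path ending in general.php is treated as the plugin script.
TARGET = re.compile(r"/general\.php$", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value starts with a stream wrapper or URL scheme: remote include attempt.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Value contains a ../ path segment or a NUL byte: local include attempt.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)|\x00")

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return [(param, kind)] findings for one combined-format access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not TARGET.search(url.path):
        return []
    findings = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_unquote(raw)  # parse_qsl already decoded one layer
        if REMOTE.search(value):
            findings.append((name, "remote-include"))
        elif TRAVERSAL.search(value):
            findings.append((name, "local-include"))
    return findings

def scan(lines):
    """Return [(line_number, findings)] for every line with at least one finding."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '203.0.113.5 - - [12/Apr/2011:10:00:00 +0000] "GET /wp-content/plugins/PLUGIN/general.php?p=http%3A%2F%2Fhost.invalid%2Fx.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Apr/2011:10:00:02 +0000] "GET /wp-content/plugins/PLUGIN/general.php?p=..%252F..%252Fsecret.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [12/Apr/2011:10:01:00 +0000] "GET /wp-content/plugins/PLUGIN/general.php?lang=en HTTP/1.1" 200 300',
    '198.51.100.7 - - [12/Apr/2011:10:01:05 +0000] "GET /index.php?p=../../x HTTP/1.1" 200 300',
]
```

Run `scan()` over real log lines to get the line numbers worth reviewing; a hit on a site still running version 3.1 or earlier is a reason to treat the host as potentially compromised, not only to update.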

Solution

Update the plugin.
