WordPress Plugin Vulnerabilities

WP Cost Estimation < 9.660 - Upload Directory Traversal

Description

The WP_Estimation_Form WordPress plugin was affected by an Upload Directory Traversal security vulnerability.

Affects Plugins

Plugin icon
WP_Estimation_Form
Fixed in 9.660

References

URL
https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/
URL
https://www.zdnet.com/article/another-wordpress-commercial-plugin-gets-exploited-in-the-wild/

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher
Wordfence
Submitter
Chris
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
09051201-9875-441a-8e8a-8ab0da252a98

Timeline

Publicly Published
2019-02-14 (about 5 years ago)
Added
2019-02-14 (about 5 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2021-02-08
Title
Backup by Supsystic <= 2.3.9 - Authenticated Arbitrary File Download and Deletion
Published
2023-05-15
Title
Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal
Published
2022-10-31
Title
Booster for WooCommerce - ShopManager+ Arbitrary File Download
Published
2021-04-27
Title
WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal
Published
2019-07-23
Title
WPS Child Themes Generator <= 1.1 - Path Traversal