WPS Child Themes Generator <= 1.1 – Path Traversal | CVE 2019-15822

Affects Plugins

wps-child-theme-generator

Fixed in 1.2

References

CVE

CVE-2019-15822

URL

https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

9.8 (critical)

Miscellaneous

Original Researcher

Julio Potier

Verified

No

WPVDB ID

ed929354-8f03-4d2e-acc8-02b606ffc9f1

Timeline

Publicly Published

2019-07-23 (about 4 years ago)

Added

2019-07-23 (about 4 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2022-03-01

Title

Folders Disclosure via Outdated jQueryFileTree Library

Published

2015-09-30

Title

mTheme Unus < 2.3 - Directory Traversal

Published

2021-07-05

Title

Haxcan <= 1.0.0 - Arbitrary File Access

Published

2022-09-06

Title

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

Published

2021-12-14

Title

True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal