Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)



Description
Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2014-2383).

Proof of Concept
The PoC will be displayed on April 07, 2020, to give users the time to update.

Affects Plugins

no known fix
- plugin closed
no known fix
- plugin closed
no known fix
- plugin closed
no known fix
- plugin closed
no known fix
- plugin closed
no known fix
- plugin closed

References

CVE 2014-2383
URL https://github.com/dompdf/dompdf

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Original Researcher Random Robbie
Submitter Twitter Random_Robbie
Views 842
Verified Yes
WPVDB ID 10149

Timeline

Publicly Published 2020-03-24
Added 2020-03-25
Last Updated 2020-03-26
