JM Twitter Cards <= 6.1 - Full Path Disclosure (FPD)

Affects Plugin

fixed in version 6.2

References

URL https://security.dxw.com/advisories/full-path-disclosure-vulnerability-in-jm-twitter-cards-reveals-the-location-of-the-wordpress-installation-on-the-server/
URL https://github.com/TweetPressFr/jm-twitter-cards/issues/53

Classification

Type FPD
OWASP Top 10 A6: Security Misconfiguration
CWE CWE-200

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 6623
Verified No
WPVDB ID 8211

Timeline

Publicly Published 2015-10-12 (over 4 years ago)
Added 2015-10-12 (over 4 years ago)
Last Updated 2019-10-31 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin