Ad Inserter <= 2.4.19 - Authenticated Path Traversal
Description
Edit (WPScanTeam):

Even though the original advisory mentions that it only affects accounts with the administrator privilege, subscriber accounts and above can exploit the issue, as the nonce can be retrieved when submitting a request with a specific cookie, as described at https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad-inserter-plugin/

Affects Plugin

fixed in version 2.4.20

References

URL https://www.synacktiv.com/ressources/advisories/WordPress_ad_inserter.pdf

Classification

Type TRAVERSAL
CWE CWE-22

Miscellaneous

Original Researcher Wilfried Becard (Synacktiv.com)
Verified Yes
WPVDB ID 9453

Timeline

Publicly Published 2019-07-12
Added 2019-07-12
Last Updated 2019-07-16
