WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

Web Technology Wire


WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters Information Leakage Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.* v.1.0.*

Tested Version: v1.6.2

Advisory Publication: March 10, 2015

Latest Update: March 10, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:



Product & Vulnerable Versions:

WordPress Daily Edition Theme

version 1.6.7

version 1.6.6

version 1.6.5

version 1.6.4

version 1.6.3

version 1.6.2

version 1.6.1

version 1.6

version 1.5

version 1.4.11

version 1.4.10

version 1.4.9

version 1.4.8

version 1.4.7

version 1.4.6

version 1.4.5

version 1.4.4

version 1.4.3

version 1.4.2

version 1.4.1

version 1.4.0

version 1.3.2

version 1.3.1

View original post 341 more words


About essaybeans

Getting realistic and idealistic at the same time.
This entry was posted in Computer & Web Technology. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s