The Eshop Magic plugin for WordPress is not secure in versions before 0.2. A type of attack called Arbitrary File Disclosure can be used to access files that contain sensitive information from the server without needing to be authenticated. This attack uses the ‘file’ parameter to read the content of the files.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
