The Multi Plugin Installer plugin for WordPress had a security vulnerability that allowed unauthenticated attackers to read any file on the system. This vulnerability existed in versions before 1.2.0 and it was caused by two vulnerable parameters called ‘filepath’ and ‘filename’ which were part of the mpi_download_file function. After version 1.2.0, the vulnerability was fixed.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
