Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in 3 plugins by minumus

  • Severity: high-risk
  • Status: Open
  • Publication: October 10, 2016

The SAM Pro (Free Edition) plugin for WordPress has a security vulnerability in versions up to 1.9.7.68. Attackers who are authenticated can use the ‘wap’ parameter to include and execute any type of file on the server, including PHP code. This could allow them to bypass access controls, access sensitive data, or execute code. In some configurations, the plugin is also vulnerable to Remote File Inclusion, which would allow attackers to include remote files on the server, resulting in code execution.

Detected in:

SAM Pro Lite fixed vulnerable versions: >= * < 1.9.0.53
Simple Ads Manager fixed vulnerable versions: >= * <= 2.10.0.130
SAM Pro (Free Edition) open vulnerable versions: >= * < 1.9.7.69

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.