oss-sec mailing list archives

Wordpress Plugin: FTP To Zip 1.8

From: 0pc0deFR <0pc0defr () gmail com>
Date: Sun, 21 Jun 2015 13:50:47 +0200

Hello,

The FTP To Zip 1.8 wordpress plugin is vulnerable to unauthenticated
execution. With vulnerability, you can create a zip archive for Wordpress
install and you can download this archive (
http://domain.tld/wp-content/plugins/ftp-to-zip/backup.php).
A need CVE please.

Download plugin: https://downloads.wordpress.org/plugin/ftp-to-zip.1.8.zip

--
Cordialement,

Kévin FALCOZ alias 0pc0deFR - Consultant Expert WordPress -
http://wordpress-expertise.fr

--
Regards,

Kévin FALCOZ aka 0pc0deFR - WordPress Expert Consultant -
http://wordpress-expertise.fr

Current thread:

Wordpress Plugin: FTP To Zip 1.8 0pc0deFR (Jun 21)
- Re: Wordpress Plugin: FTP To Zip 1.8 cve-assign (Jun 22)
- Re: Wordpress Plugin: FTP To Zip 1.8 Abhishek Ghosh (Jun 22)