Ajax Pagination (twitter Style) Plugin for WordPress Local File Inclusion

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP script that is affected by a
local file inclusion vulnerability.

Description :

The Ajax Pagination (twitter Style) plugin for WordPress installed on
the remote host is affected by a local file inclusion vulnerability
due to a failure to properly sanitize user-supplied input to the
'loop' parameter of the '/wp-admin/admin-ajax.php' script. A remote,
unauthenticated attacker can exploit this issue to execute arbitrary
PHP scripts on the remote host.

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 73378

Bugtraq ID: 66526