Detections
Analytics
Browser Rejector Plugin for WordPress 'wppath' Parameter Remote File Inclusion
high Nessus Plugin ID 64247
Language:
Synopsis
The remote web server contains a PHP script that is affected by a remote file inclusion vulnerability.Description
The Browser Rejector Plugin for WordPress installed on the remote host is affected by a remote file inclusion vulnerability due to a failure to properly sanitize user-supplied input to the 'wppath' parameter of the 'rejectr.js.php' script. This vulnerability could allow an unauthenticated, remote attacker to view arbitrary files or execute arbitrary PHP code, possibly taken from third-party hosts, on the remote host.Solution
Upgrade to version 2.11 or later.See Also
https://wordpress.org/plugins/browser-rejector/#changelog
https://plugins.trac.wordpress.org/changeset/648432/browser-rejector
Plugin Details
Severity: High
ID: 64247
File Name: wordpress_browser_rejector_wppath_rfi.nasl
Version: 1.11
Type: remote
Family: CGI abuses
Published: 1/25/2013
Updated: 5/14/2025
Supported Sensors: Nessus
Enable CGI Scanning: true
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress
Required KB Items: installed_sw/WordPress, www/PHP
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 1/5/2013
Vulnerability Publication Date: 1/5/2013
Reference Information
BID: 57220