Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
WordPress GI-Media Library Plugin Directory Traversal Vulnerability
Vulnerability
A directory traversal vulnerability has been identified in the GI-Media Library plugin for WordPress, affecting versions prior to 3.0. The vulnerability arises from improper validation of the 'fileid' parameter, allowing unauthenticated attackers to read arbitrary files on the server. This could lead to the exposure of sensitive information.
Impact
Exploitation of this vulnerability allows for arbitrary file reading on the server, potentially leading to the disclosure of sensitive information.
Reproduction
The vulnerability can be reproduced by sending a request to the WordPress site with the GI-Media Library plugin installed, using a crafted 'fileid' parameter that traverses directories. This can be done manually or with a tool like Metasploit, which has a module specifically for this vulnerability.
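To help defenders spot this activity in web server logs, the following is an added detection example written for this page; it is not code from the advisory or from the plugin. It scans constructed Apache-style access-log lines for requests carrying a 'fileid' value that, after undoing single or repeated percent-encoding, escapes its directory; the plugin endpoint path used in the sample lines is an assumption, since the page does not name it, and the detector keys on the parameter name only.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote
from posixpath import normpath

# Constructed sample access-log lines (Apache combined format), not real traffic.
# The download.php endpoint path is assumed; the page only names the 'fileid' parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-content/plugins/gi-media-library/download.php?fileid=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:12:00:02 +0000] "GET /wp-content/plugins/gi-media-library/download.php?fileid=../../../../etc/passwd HTTP/1.1" 200 1805 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2024:12:00:03 +0000] "GET /wp-content/plugins/gi-media-library/download.php?fileid=..%2F..%2Fwp-config.php HTTP/1.1" 200 3011 "-" "python-requests/2.31"
203.0.113.9 - - [10/Mar/2024:12:00:04 +0000] "GET /wp-content/plugins/gi-media-library/download.php?fileid=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 3011 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /?p=7 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e (double-encoded) becomes '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(fileid):
    """True if the decoded fileid is absolute or climbs above its base directory."""
    decoded = fully_decode(fileid).replace("\\", "/")
    if decoded.startswith("/"):
        return True
    # normpath collapses "a/../b" to "b"; a leading ".." that survives escaped the root.
    return normpath(decoded).split("/")[0] == ".."


def find_traversal_attempts(log_text):
    """Return (client ip, HTTP status, decoded fileid) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs performs one round of decoding; fully_decode handles the rest.
        for fileid in parse_qs(query).get("fileid", []):
            if is_traversal(fileid):
                hits.append((m.group("ip"), int(m.group("status")), fully_decode(fileid)))
    return hits
```

A 200 status on a flagged request indicates the traversal likely succeeded and the file contents were served, so those entries warrant incident handling rather than just blocking; a patched plugin (3.0 or later) should answer such requests with an error instead.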
Remediation
Users are advised to update the GI-Media Library plugin to version 3.0 or later.