Description
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50833
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/plugins/zingiri-forum/changelog
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/89069
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81156
Scores
EPSS
0.0320
EPSS Percentile
86.6%
Details
CWE
CWE-22
Status
published
Products (20)
zingiri/forums
1.0.0
zingiri/forums
1.0.1
zingiri/forums
1.0.2
zingiri/forums
1.0.3
zingiri/forums
1.0.4
zingiri/forums
1.0.5
zingiri/forums
1.0.6
zingiri/forums
1.0.7
zingiri/forums
1.0.8
zingiri/forums
1.0.9
... and 10 more
Published
Apr 04, 2014
Tracked Since
Feb 18, 2026