edit-icon download-icon

[Vulnerability notice] Arbitrary file download vulnerability in the Wordpress Ajax Store Locator plug-in

Last Updated: Nov 23, 2017

Description

The Wordpress Ajax Store Locator plug-in has a severe security vulnerability that may allow hackers to remotely download files from the server.

Attackers may also construct malicious requests to download sensitive files from the server, and further embed website webshell files to control the website server host.

Affected versions

Wordpress Ajax Store Locator <= 1.2

Fix

Go to the Wordpress management backend and update the Wordpress Ajax Store Locator plug-in to the latest version.

Thank you! We've received your feedback.