In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action.
| package | channel | channel version | pkg version | status |
| minify | ||||
| nixos-unstable | ||||
| 2020-09-26 18:00:31 UTC (daaa0e) | 2.7.4 | vulnerable | ||
| 2020-09-22 06:20:19 UTC (117984) | 2.7.4 | vulnerable | ||
| 2020-09-20 14:15:15 UTC (2a35f6) | 2.7.4 | vulnerable | ||
| 2020-09-17 11:50:39 UTC (441a7d) | 2.7.4 | vulnerable | ||
| 2020-09-13 20:25:41 UTC (e0759a) | 2.7.4 | vulnerable | ||
| 2020-09-09 05:00:30 UTC (615251) | 2.7.4 | vulnerable | ||
| 2020-09-07 23:05:17 UTC (a31736) | 2.7.4 | vulnerable | ||
| 2020-08-21 13:45:23 UTC (c59ea8) | 2.7.4 | vulnerable | ||
| 2020-08-20 14:30:38 UTC (bd0e64) | 2.7.4 | vulnerable | ||
| 2020-08-18 11:40:31 UTC (1e3f09) | 2.7.4 | vulnerable | ||
| 2020-08-16 22:30:30 UTC (16fc53) | 2.7.4 | vulnerable | ||
| 2020-08-11 20:35:42 UTC (32b46d) | 2.7.4 | vulnerable | ||
| 2020-08-09 23:40:38 UTC (96069f) | 2.7.4 | vulnerable | ||
| 2020-08-08 21:40:41 UTC (b50ef9) | 2.7.4 | vulnerable | ||
| 2020-08-06 07:10:34 UTC (8e2b14) | 2.7.4 | vulnerable | ||
| 2020-08-01 20:25:27 UTC (840c78) | 2.7.4 | vulnerable | ||
| 2020-07-30 16:20:14 UTC (a45f68) | 2.7.4 | vulnerable | ||
| 2020-07-27 02:15:25 UTC (28fce0) | 2.7.4 | vulnerable | ||
| 2020-07-21 10:20:30 UTC (5717d9) | 2.7.4 | vulnerable | ||
| 2020-07-19 07:30:35 UTC (a5cc7d) | 2.7.4 | vulnerable | ||
| 2020-07-14 14:55:34 UTC (c71518) | 2.7.4 | vulnerable | ||
| 2020-07-10 20:40:38 UTC (8d0577) | 2.7.4 | vulnerable | ||
| 2020-07-05 17:55:12 UTC (dc80d7) | 2.7.4 | vulnerable | ||
| 2020-07-04 17:20:26 UTC (f7c750) | 2.7.4 | vulnerable | ||
| 2020-07-03 00:25:29 UTC (55668e) | 2.7.4 | vulnerable | ||
| 2020-07-01 05:05:14 UTC (b3251e) | 2.7.4 | vulnerable | ||
| 2020-06-24 06:45:18 UTC (22a81a) | 2.7.4 | vulnerable | ||
| 2020-06-23 13:15:26 UTC (4cdd64) | 2.7.4 | vulnerable | ||
| 2020-06-18 22:40:25 UTC (9480ba) | 2.7.4 | vulnerable | ||
| 2020-06-18 18:00:15 UTC (14fcd9) | 2.7.4 | vulnerable | ||
| 2020-06-17 23:05:17 UTC (22c988) | 2.7.4 | vulnerable | ||
| 2020-06-14 21:35:35 UTC (0a1460) | 2.7.4 | vulnerable | ||
| 2020-06-07 12:15:36 UTC (029a5d) | 2.7.4 | vulnerable | ||
| 2020-06-03 08:40:24 UTC (467ce5) | 2.7.4 | vulnerable | ||
| 2020-05-29 19:15:13 UTC (135073) | 2.7.4 | vulnerable | ||
| 2020-05-28 16:20:35 UTC (46f975) | 2.7.4 | vulnerable | ||
| 2020-05-19 15:55:23 UTC (0f5ce2) | 2.7.3 | vulnerable | ||
| 2020-05-17 05:35:10 UTC (b47873) | 2.7.3 | vulnerable | ||
| 2020-05-16 06:35:37 UTC (32b8ed) | 2.7.3 | vulnerable | ||
| 2020-05-14 10:45:36 UTC (8ba41a) | 2.7.3 | vulnerable | ||
| 2020-05-14 05:55:25 UTC (9a29fe) | 2.7.3 | vulnerable | ||
| 2020-05-12 12:30:34 UTC (683c68) | 2.7.3 | vulnerable | ||
| 2020-04-29 22:20:14 UTC (fce756) | 2.7.3 | vulnerable | ||
| 2020-04-27 07:20:22 UTC (7c399a) | 2.7.3 | vulnerable | ||
| 2020-04-21 11:50:36 UTC (22a3bf) | 2.7.3 | vulnerable | ||
| 2020-04-20 18:55:24 UTC (b3c3a0) | 2.7.3 | vulnerable | ||
| 2020-04-17 16:30:35 UTC (b61999) | 2.7.3 | vulnerable | ||
| 2020-04-13 19:25:19 UTC (868692) | 2.7.3 | vulnerable | ||
| 2020-04-13 08:25:23 UTC (81a6a8) | 2.7.3 | vulnerable | ||
| 2020-04-12 06:15:29 UTC (807ca9) | 2.7.3 | vulnerable | ||
| 2020-04-10 15:20:38 UTC (9b0d2f) | 2.7.3 | vulnerable | ||
| 2020-04-08 01:15:40 UTC (39247f) | 2.7.3 | vulnerable | ||
| 2020-03-28 20:50:45 UTC (ae6bdc) | 2.7.3 | vulnerable | ||
| 2020-03-27 12:30:26 UTC (3320a0) | 2.7.3 | vulnerable | ||
| 2020-03-20 13:00:27 UTC (d96bd3) | 2.7.3 | vulnerable | ||
| 2020-03-19 18:00:27 UTC (ddf87f) | 2.7.3 | vulnerable | ||
| 2020-03-16 23:35:45 UTC (a2e06f) | 2.7.3 | vulnerable |