CVE-2014-8801

Currently unrated

Key Information:

Vendor: Wordpress
Status: Paid Memberships Pro
Vendor: CVE Published:; 28 November 2014

Summary

Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.

References

http://www.paidmembershipspro.com/2014/11/critical-securi...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/129189/Paid-Membersh...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/98805

vdb-entryx_refsource_XF

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 28, 2014
Vulnerability Reserved
Nov 13, 2014