Directory Traversal Vulnerability in Paid Memberships Pro Plugin for WordPress
CVE-2014-8801

Currently unrated

Key Information:

Vendor

Wordpress
Status
Paid Memberships Pro
Vendor
CVE Published:
28 November 2014

What is CVE-2014-8801?

The Paid Memberships Pro plugin for WordPress contains a directory traversal vulnerability in the services/getfile.php file. This security loophole allows remote attackers to exploit the plugin by manipulating the QUERY_STRING parameter during a getfile action directed at wp-admin/admin-ajax.php. By inserting a .. (dot dot) sequence, attackers can gain unauthorized access to arbitrary files on the server, potentially leading to exposure of sensitive information. Users of versions prior to 1.7.15 are particularly at risk and are strongly urged to update to the latest version to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.paidmembershipspro.com/2014/11/critical-securi...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/129189/Paid-Membersh...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/98805
vdb-entryx_refsource_XF

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.