Directory Traversal Vulnerability in GD bbPress Attachments Plugin for WordPress
CVE-2015-5482

Currently unrated

Key Information:

Vendor: Wordpress
Status: Gd Bbpress Attachments
Vendor: CVE Published:; 18 August 2015

Summary

A directory traversal vulnerability exists in the GD bbPress Attachments plugin for WordPress prior to version 2.3. This flaw allows remote administrators to manipulate file paths through the tab parameter on the gdbbpress_attachments page. By leveraging the .. (dot dot) notation, an attacker can potentially include and execute arbitrary local files on the server, which could lead to further compromise of the WordPress installation.

References

https://wordpress.org/plugins/gd-bbpress-attachments/chan...

x_refsource_CONFIRM

https://wpvulndb.com/vulnerabilities/8087

x_refsource_MISC

https://security.dxw.com/advisories/local-file-include-vu...

x_refsource_MISC

Timeline

Vulnerability published
Aug 18, 2015
Vulnerability Reserved
Jul 10, 2015