CVE-2014-8801: Path Traversal
First published: Fri Nov 28 2014(Updated: )
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Strangerstudios Paid Memberships Pro | <1.7.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html
- http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html
- http://www.exploit-db.com/exploits/35303
- http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/
- http://www.securityfocus.com/bid/71293
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98805
- https://wordpress.org/plugins/paid-memberships-pro/changelog/
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/strangerstudios
- canonical/strangerstudios paid memberships pro