WordPress Plugin Vulnerabilities

Paid Memberships Pro 1.7.14.2 - Path Traversal

Description

The Paid Memberships Pro WordPress plugin was affected by a Path Traversal security vulnerability.

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 1.7.15

References

CVE
CVE-2014-8801
URL
https://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
kacperszurek
Verified
No
WPVDB ID
3ff10f79-123c-4faf-9fe6-8ea904e26f33

Timeline

Publicly Published
2014-11-19 (about 11 years ago)
Added
2014-11-19 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2014-09-28
Title
lote27 Theme - Arbitrary File Download
Published
2024-08-15
Title
JetTabs < 2.2.3.1 - Authenticated (Contributor+) Arbitrary Local File Inclusion
Published
2016-07-13
Title
Easy Forms for MailChimp < 6.1 - Local File Inclusion (LFI)
Published
2022-05-16
Title
Counter Box < 1.2 - Admin+ LFI
Published
2024-11-08
Title
WPLMS Learning Management System for WordPress < 4.963 - Unauthenticated Arbitrary File Read and Deletion