WordPress Plugin Vulnerabilities

IBS Mappro < 1.0 - Directory Traversal

Description

The ibs-mappro WordPress plugin was affected by a Directory Traversal security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
ibs-mappro
Fixed in 1.0

References

CVE
CVE-2015-5472
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_ibs_mappro_file_read.rb

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
Larry W. Cashdollar
Submitter twitter
_larry0
Verified
No
WPVDB ID
4f9fd5b3-b1d8-4f91-b008-844db587edc4

Timeline

Publicly Published
2015-07-10 (about 10 years ago)
Added
2015-07-11 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2025-01-31
Title
Jupiterx Core < 4.8.8 - Authenticated (Contributor+) Arbitrary File Read
Published
2024-02-21
Title
Elementor Addon Elements < 1.13 - Contributor+ to LFI
Published
2014-12-08
Title
Ajax Store Locator <= 1.2 - Arbitrary File Download
Published
2025-03-14
Title
PluginPass <= 0.9.10 - Unauthenticated Arbitrary File Deletion
Published
2022-03-01
Title
Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE