WordPress Plugin Vulnerabilities

WP Content Source Control < 3.1.1 - Path Traversal

Description

The WP Source Control WordPress plugin was affected by a Path Traversal security vulnerability.

Affects Plugins

Plugin icon
wp-source-control
Fixed in 3.1.1

References

CVE
CVE-2014-5368
URL
https://www.openwall.com/lists/oss-security/2014/08/19/3
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_source_control_file_read.rb

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
admin
Verified
No
WPVDB ID
95e3dff8-b385-40ea-a715-bdef59979c8b

Timeline

Publicly Published
2014-09-17 (about 11 years ago)
Added
2014-09-17 (about 11 years ago)
Last Updated
2020-10-25 (about 5 years ago)

Other

Published
Title
Published
2024-11-15
Title
PDF Generator Addon for Elementor Page Builder < 2.0.1 - Unauthenticated Arbitrary File Download
Published
2025-07-15
Title
Counter live visitors for WooCommerce < 1.3.7 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block
Published
2025-04-16
Title
WP Editor < 1.2.9.2 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
Published
2026-03-20
Title
Scape - Multipurpose WordPress theme < 1.5.16 - Unauthenticated Arbitrary File Deletion
Published
2025-07-23
Title
Latepoint < 5.1.94 - Unauthenticated LFI