WordPress Plugin Vulnerabilities

WP Marketplace <= 2.4.0 - Arbitrary File Download

Description

The wpmarketplace WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Affects Plugins

Plugin icon
wpmarketplace
Fixed in 2.4.1

References

CVE
CVE-2014-9013
CVE
CVE-2014-9014
Exploitdb
36466
URL
https://packetstormsecurity.com/files/#131018/
URL
https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
8.8 (high)

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
KacperSzurek
Verified
No
WPVDB ID
b3f1bc9e-363f-4e14-95b9-0fad4aeb76a1

Timeline

Publicly Published
2015-03-21 (about 11 years ago)
Added
2015-03-22 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-05-19
Title
Chauffeur Taxi Booking System for WordPress < 7.0 - Authentication Bypass
Published
2024-09-30
Title
Wechat Social login <= 1.3.0 - Authentication Bypass
Published
2016-09-19
Title
Order Export Import for WooCommerce 1.0.8 - Order Information Disclosure
Published
2026-04-14
Title
Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email
Published
2024-10-28
Title
Crypto < 2.20 - Authentication Bypass via register