CVE-2014-8801
Paid Memberships Pro < 1.7.15 - Directory Traversal
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Vulnerabilidad de salto de directorio en services/getfile.php en el plugin Paid Memberships Pro anterior a 1.7.15 para WordPress permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en QUERY_STRING en una acción getfile en wp-admin/admin-ajax.php.
Paid Memberships Pro version 1.7.14.2 suffers from a path traversal vulnerability.
*Credits:
Kacper Szurek
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-11-13 CVE Reserved
- 2014-11-14 CVE Published
- 2014-11-19 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html | Broken Link | |
| http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15 | Release Notes | |
| http://www.securityfocus.com/bid/71293 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98805 | Third Party Advisory | |
| https://wordpress.org/plugins/paid-memberships-pro/changelog | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/35303 | 2014-11-19 | |
| http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html | 2024-08-06 | |
| http://www.exploit-db.com/exploits/35303 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Strangerstudios Search vendor "Strangerstudios" | Paid Memberships Pro Search vendor "Strangerstudios" for product "Paid Memberships Pro" | < 1.7.15 Search vendor "Strangerstudios" for product "Paid Memberships Pro" and version " < 1.7.15" | wordpress |
Affected
| ||||||