CVE-2015-10105 in IP Blacklist Cloud Plugin
Summary
by MITRE • 05/01/2023
A vulnerability classified as critical was found in the IP Blacklist Cloud Plugin for WordPress, versions up to 3.42. It affects the function valid_js_identifier in the file ip_blacklist_cloud.php of the CSV File Import component. Manipulation of the filename argument leads to path traversal, and the attack can be initiated remotely. Upgrading to version 3.43 addresses this issue; the patch is identified by commit 6e6fe8c6fda7cbc252eef083105e08d759c07312. Upgrading the affected component is recommended. The identifier VDB-227757 was assigned to this vulnerability.
Analysis
by VulDB Data Team • 02/27/2026
The vulnerability CVE-2015-10105 is a critical path traversal flaw in the IP Blacklist Cloud Plugin for WordPress, affecting versions up to 3.42. It resides in the valid_js_identifier function in the ip_blacklist_cloud.php file, which is part of the CSV File Import functionality. The flaw is triggered when the filename argument is manipulated, allowing attackers to traverse the file system and access files outside the intended directory. Its classification as critical reflects the potential for severe impact on system security and data integrity.
The technical implementation of this vulnerability stems from inadequate input validation and sanitization within the plugin's file handling mechanisms. When the plugin processes CSV import requests, it fails to properly validate the filename parameter, creating an opportunity for attackers to inject malicious path traversal sequences such as ../ or ..\ into the filename argument. This allows an attacker to navigate the file system beyond the intended directory boundaries and potentially access sensitive files including configuration files, database credentials, or other system resources. The vulnerability's remote exploitability means that attackers can leverage this flaw without requiring local system access, making it particularly dangerous for web applications.
The operational impact of this vulnerability extends beyond simple unauthorized file access, as it can lead to complete system compromise when combined with other attack vectors. An attacker who successfully exploits this path traversal vulnerability could potentially read sensitive configuration files, access user data, or even upload malicious files to the server. The vulnerability's presence in a WordPress plugin means that affected sites could become part of a botnet, serve as command and control centers, or experience data breaches that compromise user privacy and system integrity. This type of vulnerability aligns with CWE-22 Path Traversal and represents a common attack pattern documented in the MITRE ATT&CK framework under the technique of "Path Traversal" within the Initial Access and Execution phases.
The recommended remediation involves upgrading the affected plugin to version 3.43, which includes the patch identified by the commit hash 6e6fe8c6fda7cbc252eef083105e08d759c07312. This upgrade addresses the core input validation issue by implementing proper sanitization of the filename parameter and enforcing strict directory boundaries during file operations. Organizations should also consider implementing additional security measures such as web application firewalls, input validation at multiple layers, and regular security audits of installed plugins to prevent similar vulnerabilities from being exploited. The vulnerability's assignment to VDB-227757 indicates it was catalogued in the Vulnerability Database, highlighting the importance of maintaining up-to-date vulnerability intelligence for effective security management.
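The weakness described above (a user-supplied filename concatenated into a path) beside the mitigation the remediation calls for (whitelist the bare name, then confine the canonical path to the import directory), as an added example that is not the plugin's code or the patch itself; it is written in Python for clarity, the function names and probe filenames are hypothetical, and the import directory is a temporary one created for the demo.

```python
import os
import re
import tempfile
from typing import Optional

# Whitelist for an import name: a plain CSV file name with no directory parts.
# Any '/', '\\', '..', '%' or NUL byte fails this pattern.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.csv")


def unsafe_import_path(import_dir: str, filename: str) -> str:
    """The weak pattern: user input joined straight into a path, so
    '../../wp-config.php' escapes the import directory."""
    return os.path.join(import_dir, filename)


def resolve_import_path(import_dir: str, filename: str) -> Optional[str]:
    """Return the canonical path of `filename` inside `import_dir`, or None
    when the request must be refused."""
    if not _SAFE_NAME.fullmatch(filename):
        return None  # rejects ../, ..\, absolute paths and URL-encoded variants
    base = os.path.realpath(import_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: even a whitelisted name must resolve under the base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo() -> dict:
    """Run both functions over constructed probe names (hypothetical inputs).
    Maps each probe to (unsafe path stayed inside base, hardened check accepted)."""
    base = os.path.realpath(tempfile.mkdtemp())
    probes = [
        "blocklist.csv",                 # legitimate import
        "../../wp-config.php",           # classic traversal
        "..\\..\\wp-config.php",         # backslash variant (matters on Windows hosts)
        "%2e%2e/%2e%2e/wp-config.php",   # URL-encoded variant
        "/etc/passwd",                   # absolute path
    ]
    return {
        p: (
            os.path.realpath(unsafe_import_path(base, p)).startswith(base + os.sep),
            resolve_import_path(base, p) is not None,
        )
        for p in probes
    }
```

Note that on a POSIX host the backslash and percent-encoded probes stay inside the base directory for the unsafe function only because they are treated as literal characters; the hardened check refuses them regardless of platform.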