CVE-2015-4694 in Zip Attachments Plugininfo

Summary

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/19/2015

Disclosure

01/08/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
80114Zip Attachments Plugin download.php path traversal22Not definedOfficial fixCVE-2015-4694

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext