CVE-2015-5065 in Paypal Currency Converter Basic Plugin

Summary

by MITRE

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.


Analysis

by VulDB Data Team • 02/19/2025

CVE-2015-5065 is an absolute path traversal flaw in the PayPal Currency Converter Basic For WooCommerce plugin for WordPress, affecting versions before 1.4. The defect sits in proxy.php, the script that proxies the plugin's Google currency lookup. Because the requrl parameter is not validated, a remote, unauthenticated attacker can supply a full filesystem path in place of a URL and have the script read and return any file the web server process is permitted to read. Unlike classic traversal, this variant does not depend on ../ sequences, so filters that only strip dot-dot segments do not stop it.

Technically the flaw is a missing input check. proxy.php accepts a requrl parameter that is meant to hold the URL of Google's currency lookup service and fetches whatever that parameter names. The advisory does not publish the code, but the behaviour matches a script that hands the parameter to a PHP function that accepts local paths and stream wrappers as readily as URLs, such as file_get_contents(). With no check on the scheme or host, a value such as /etc/passwd or the absolute path of wp-config.php is read and returned in the response instead of a currency result. The only limit on what can be read is the filesystem permissions of the web server account, which by necessity include the WordPress configuration file and the database credentials it contains. The weakness is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly called path traversal or directory traversal.
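The following is an added example and not the plugin's own code. The vulnerable function reconstructs the shape the advisory describes (an unchecked requrl passed to a file-reading call; the real proxy.php may differ in detail) and the hardened function beside it shows the minimal fix: accept only http(s) URLs to an allow-listed host, and fetch them through the WordPress HTTP API rather than a function that also opens local files. The allow-listed host, the ccb_ function names and the probe inputs are assumptions for illustration.

```php
<?php
// Added example, not the plugin's own code. The vulnerable shape is reconstructed
// from the advisory (an unchecked 'requrl' handed to a file-reading call); the
// real proxy.php may differ in detail. Host names and function names are assumed.

// VULNERABLE (assumed shape). file_get_contents() opens local paths and PHP
// stream wrappers as readily as URLs, so ?requrl=/var/www/html/wp-config.php
// returns the configuration file, database credentials included.
function ccb_proxy_vulnerable(array $query): string
{
    $requrl = isset($query['requrl']) ? (string) $query['requrl'] : '';
    return (string) @file_get_contents($requrl);
}

// HARDENED. Only http(s) URLs to an allow-listed host are fetched, and the fetch
// goes through the WordPress HTTP API, which never opens the local filesystem.
const CCB_ALLOWED_HOSTS = ['www.google.com']; // assumption: hosts the lookup really needs

function ccb_requrl_is_allowed(string $requrl): bool
{
    $parts = parse_url($requrl);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false; // bare paths such as /etc/passwd have neither scheme nor host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // rejects file://, php://, phar://, data:, ...
    }
    if (!in_array(strtolower($parts['host']), CCB_ALLOWED_HOSTS, true)) {
        return false; // also closes the SSRF door to arbitrary or internal hosts
    }
    return true;
}

function ccb_proxy_hardened(array $query): string
{
    $requrl = isset($query['requrl']) ? (string) $query['requrl'] : '';
    if (!ccb_requrl_is_allowed($requrl)) {
        return ''; // a real handler would answer 400 here
    }
    if (!function_exists('wp_remote_get')) {
        return ''; // outside WordPress (e.g. this file run from the CLI) do not fetch at all
    }
    $resp = wp_remote_get($requrl, ['timeout' => 5, 'redirection' => 0]);
    return is_wp_error($resp) ? '' : (string) wp_remote_retrieve_body($resp);
}

// CLI self-check of the validator with constructed inputs.
if (PHP_SAPI === 'cli') {
    $probes = [
        '/etc/passwd',
        'file:///etc/passwd',
        'php://filter/convert.base64-encode/resource=wp-config.php',
        'http://169.254.169.254/latest/meta-data/',
        'http://www.google.com@evil.example/',
        'https://www.google.com/finance?q=USDEUR',
    ];
    foreach ($probes as $p) {
        printf("%-60s %s\n", $p, ccb_requrl_is_allowed($p) ? 'allowed' : 'rejected');
    }
}
```

Run from the CLI, only the last probe is allowed: the first three have no http(s) scheme, the metadata-service URL has a host that is not on the list, and the userinfo trick (www.google.com@evil.example) parses to host evil.example. The stronger design is to not accept a URL from the client at all and instead take a currency pair and build the Google URL server-side; the allow list is the smallest change that closes both the file read and the server-side request forgery that the same parameter invites.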

The operational impact of CVE-2015-5065 goes beyond the disclosure of a single file, because the files most worth reading are the ones that hand over the next step. wp-config.php yields the database credentials and authentication salts, plugin and theme sources reveal further weaknesses, and system files map the host. Credentials obtained this way routinely lead to a full takeover of the site and, where the database or other services are reachable, to movement further into the environment. The attack needs no authentication and a single unauthenticated GET request, which makes it trivial to add to automated scanners. VulDB maps the entry to ATT&CK T1083 (File and Directory Discovery) and T1213 (Data from Information Repositories); for reading files off the web server itself the closer technique is T1005 (Data from Local System).

Mitigation for CVE-2015-5065 starts with updating the plugin to version 1.4 or later, which adds the missing validation. Where the plugin cannot be updated immediately, restrict or block access to proxy.php at the web server, or add a web application firewall rule that rejects requrl values that do not begin with http:// or https:// and whose host is not the lookup service. Application developers should treat the case as a reminder that a parameter named like a URL must be validated as one: check the scheme, allow-list the host, and prefer HTTP client APIs over functions that also open local files. Filesystem permissions limit the damage only partially, since wp-config.php must remain readable by the web server account, but they can keep other sensitive files out of reach. Review access logs for proxy.php requests whose requrl is a filesystem path or a PHP stream wrapper rather than an http(s) URL, and keep the WordPress plugin inventory under an automated vulnerability scan so that similar third-party components are patched as advisories appear.
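As an added example of the log review suggested above (not the plugin's or VulDB's code), the script below scans web-server access-log lines for proxy.php requests whose requrl is anything other than an http(s) URL with a host, which covers bare absolute paths, Windows drive paths and PHP stream wrappers. The log lines are constructed for the example and the plugin directory name in them (ppcc-basic) is a placeholder.

```php
<?php
// Added example, not the plugin's or VulDB's code. Scans web-server access-log
// lines for proxy.php requests whose requrl value is not an http(s) URL: a bare
// absolute path, a Windows drive path or a PHP stream wrapper. The log lines are
// constructed and the plugin directory name (ppcc-basic) is a placeholder.

$ccbSampleLog = <<<'LOG'
203.0.113.7 - - [24/Jun/2015:10:01:02 +0000] "GET /wp-content/plugins/ppcc-basic/proxy.php?requrl=https%3A%2F%2Fwww.google.com%2Ffinance%3Fq%3DUSDEUR HTTP/1.1" 200 512
203.0.113.7 - - [24/Jun/2015:10:01:09 +0000] "GET /wp-content/plugins/ppcc-basic/proxy.php?requrl=/etc/passwd HTTP/1.1" 200 1841
203.0.113.7 - - [24/Jun/2015:10:01:15 +0000] "GET /wp-content/plugins/ppcc-basic/proxy.php?requrl=%2Fvar%2Fwww%2Fhtml%2Fwp-config.php HTTP/1.1" 200 3210
203.0.113.7 - - [24/Jun/2015:10:01:21 +0000] "GET /wp-content/plugins/ppcc-basic/proxy.php?requrl=php://filter/convert.base64-encode/resource=wp-config.php HTTP/1.1" 200 4280
198.51.100.2 - - [24/Jun/2015:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 10240
LOG;

/** Return one entry per suspicious proxy.php request: client ip, decoded requrl, raw line. */
function ccb_flag_requrl_abuse(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // Pull the query string out of the quoted request line; skip everything else.
        if (!preg_match('/"(?:GET|POST|HEAD) \S*proxy\.php\?(\S*) HTTP\//', $line, $m)) {
            continue;
        }
        parse_str($m[1], $params); // parse_str URL-decodes, so %2F becomes /
        if (!isset($params['requrl']) || !is_string($params['requrl'])) {
            continue;
        }
        $requrl = $params['requrl'];
        $parts  = parse_url($requrl);
        $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
        $host   = (is_array($parts) && isset($parts['host'])) ? $parts['host'] : '';
        // Legitimate lookups are always http(s) URLs with a host; anything else is a probe.
        if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
            $hits[] = ['ip' => strtok($line, ' '), 'requrl' => $requrl, 'line' => $line];
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    foreach (ccb_flag_requrl_abuse($ccbSampleLog) as $hit) {
        printf("%s  requrl=%s\n", $hit['ip'], $hit['requrl']);
    }
}
```

Against the sample the script flags the second, third and fourth lines (a bare path, a URL-encoded path, and a php://filter wrapper) and ignores the genuine Google lookup and the unrelated request. For a site that ran the vulnerable version, tighten the check by also requiring the host to be on the same allow list the fix uses, and treat a 200 response whose size matches wp-config.php as confirmation that the read succeeded and the database credentials should be rotated.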

Reservation

06/24/2015

Disclosure

06/24/2015

Moderation

accepted

Entry

VDB-76082

CPE

ready

Exploit

Download

EPSS

0.35401

KEV

no

Activities

very low

Sources
