
Test ID: 1.3.6.1.4.1.25623.1.0.117055
Category: Web application abuses
Title: WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP)
Summary: Multiple WordPress Plugins / Themes are prone to a directory traversal or file download vulnerability.
Description:
Summary:
Multiple WordPress Plugins / Themes are prone to a directory
traversal or file download vulnerability.

Vulnerability Impact:
Successful exploitation will allow a remote attacker to download
arbitrary files.

Affected Software/OS:
The following WordPress Plugins / Themes are known to be
affected:

- Product Input Fields for WooCommerce

- Slider Revolution (revslider)

- MiwoFTP

- aspose-doc-exporter

- candidate-application-form

- cloudsafe365-for-wp

- db-backup

- google-mp3-audio-player

- hb-audio-gallery-lite

- history-collection

- old-post-spinner

- pica-photo-gallery

- pictpress

- recent-backups

- wptf-image-gallery

- mTheme-Unus

- parallelus-mingle

- parallelus-salutation

- tinymce-thumbnail-gallery

- simple-image-manipulator

- site-import

- robotcpa

- Duplicator (Free and Pro)

- mypixs

- Membership Simplified (membership-simplified-for-oap-members-only)

- ibs-Mappro

- wp-ecommerce-shop-styling

- wp-swimteam

- mdc-youtube-downloader

- image-export

- zip-attachments

- download-zip-attachments

- se-html5-album-audio-player

- wp-instance-rename

- wp-license.php (unknown plugin)

- adaptive-images

- gracemedia-media-player

- localize-my-post

- site-editor

- wechat-broadcast

- simple-fields

- tutor

- mail-masta

- wp-vault

- wpsite-background-takeover

- NativeChurch

- wordfence

- memphis-documents-library

- advanced-dewplayer

- dukapress

- wp-source-control

- tera-charts

- Zoomsounds

- admin-word-count-column

- ad-widget

- amministrazione-aperta

- aspose-cloud-ebook-generator

- aspose-importer-exporter

- aspose-pdf-exporter

- brandfolder

- cab-fare-calculator

- cherry-plugin

- church-admin

- churchope

- shortcode

- sniplets

- video-synchro-pdf

- oxygen-theme

- count-per-day

- ebook-download

- simple-file-list

- Javo Spot Premium Theme

- CVE-2014-4577: WP AmASIN

- CVE-2014-4941: Cross-RSS (wp-cross-rss)

- CVE-2014-5187: Tom M8te (tom-m8te)

- CVE-2024-12209: WP Umbrella: Update Backup Restore & Monitoring (wp-health)

Solution:
Please contact the vendor for additional information regarding
potential updates. If none exist, remove the plugin / theme.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-6369
https://www.exploit-db.com/exploits/4695
Common Vulnerability Exposure (CVE) ID: CVE-2012-0896
BugTraq ID: 51402
http://www.securityfocus.com/bid/51402
http://www.exploit-db.com/exploits/18355
http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt
http://osvdb.org/78270
http://secunia.com/advisories/47529
XForce ISS Database: countperday-download-file-download(72385)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72385
Common Vulnerability Exposure (CVE) ID: CVE-2013-7240
BugTraq ID: 64587
http://www.securityfocus.com/bid/64587
http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal
http://seclists.org/oss-sec/2013/q4/566
http://seclists.org/oss-sec/2013/q4/570
Common Vulnerability Exposure (CVE) ID: CVE-2014-4577
http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion
http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt
Common Vulnerability Exposure (CVE) ID: CVE-2014-4940
http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/
Common Vulnerability Exposure (CVE) ID: CVE-2014-4941
http://codevigilant.com/disclosure/wp-plugin-cross-rss-local-file-inclusion/
Common Vulnerability Exposure (CVE) ID: CVE-2014-5187
http://codevigilant.com/disclosure/wp-plugin-tom-m8te-local-file-inclusion
Common Vulnerability Exposure (CVE) ID: CVE-2014-5368
BugTraq ID: 69278
http://www.securityfocus.com/bid/69278
http://seclists.org/oss-sec/2014/q3/407
http://seclists.org/oss-sec/2014/q3/417
XForce ISS Database: wp-sourcecontrol-dir-trav(95374)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95374
Common Vulnerability Exposure (CVE) ID: CVE-2014-8799
http://www.exploit-db.com/exploits/35346
http://security.szurek.pl/dukapress-252-path-traversal.html
XForce ISS Database: dukapress-cve20148799-dir-traversal(98943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98943
Common Vulnerability Exposure (CVE) ID: CVE-2014-9119
https://wpvulndb.com/vulnerabilities/7726
http://seclists.org/oss-sec/2014/q4/1059
XForce ISS Database: dbbackup-wordpress-cve20149119-dir-traversal(99368)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99368
Common Vulnerability Exposure (CVE) ID: CVE-2014-9734
http://www.exploit-db.com/exploits/34511
http://marketblog.envato.com/news/affected-themes/
http://marketblog.envato.com/news/plugin-vulnerability/
http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html
https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
Common Vulnerability Exposure (CVE) ID: CVE-2015-1000005
BugTraq ID: 97108
http://www.securityfocus.com/bid/97108
http://www.vapidlabs.com/advisory.php?v=142
Common Vulnerability Exposure (CVE) ID: CVE-2015-1000006
BugTraq ID: 97125
http://www.securityfocus.com/bid/97125
http://www.vapidlabs.com/advisory.php?v=144
Common Vulnerability Exposure (CVE) ID: CVE-2015-1000007
http://www.vapidlabs.com/advisory.php?v=148
Common Vulnerability Exposure (CVE) ID: CVE-2015-1000010
BugTraq ID: 94563
http://www.securityfocus.com/bid/94563
http://www.vapidlabs.com/advisory.php?v=147
Common Vulnerability Exposure (CVE) ID: CVE-2015-1000012
BugTraq ID: 94495
http://www.securityfocus.com/bid/94495
http://www.vapidlabs.com/advisory.php?v=154
Common Vulnerability Exposure (CVE) ID: CVE-2015-1579
http://www.exploit-db.com/exploits/36039
https://wpvulndb.com/vulnerabilities/7540
Common Vulnerability Exposure (CVE) ID: CVE-2015-4414
BugTraq ID: 75093
http://www.securityfocus.com/bid/75093
https://www.exploit-db.com/exploits/37274/
http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html
http://www.vapid.dhs.org/advisory.php?v=124
https://wpvulndb.com/vulnerabilities/8032
Common Vulnerability Exposure (CVE) ID: CVE-2015-4694
BugTraq ID: 75211
http://www.securityfocus.com/bid/75211
http://www.vapid.dhs.org/advisory.php?v=126
https://wordpress.org/support/topic/zip-attachments-wordpress-plugin-v114-arbitrary-file-download-vulnerability?replies=1
https://wpvulndb.com/vulnerabilities/8047
http://www.openwall.com/lists/oss-security/2015/06/21/2
http://www.openwall.com/lists/oss-security/2015/06/12/4
Common Vulnerability Exposure (CVE) ID: CVE-2015-4703
BugTraq ID: 75394
http://www.securityfocus.com/bid/75394
http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html
http://www.vapid.dhs.org/advisory.php?v=127
https://wpvulndb.com/vulnerabilities/8055
http://www.openwall.com/lists/oss-security/2015/06/23/5
Common Vulnerability Exposure (CVE) ID: CVE-2015-4704
http://packetstormsecurity.com/files/132459/Download-Zip-Attachments-1.0-File-Download.html
http://www.vapid.dhs.org/advisory.php?v=129
Common Vulnerability Exposure (CVE) ID: CVE-2015-5468
http://www.vapid.dhs.org/advisory.php?v=136
http://www.openwall.com/lists/oss-security/2015/07/06/19
http://www.openwall.com/lists/oss-security/2015/07/10/4
Common Vulnerability Exposure (CVE) ID: CVE-2015-5469
http://www.vapid.dhs.org/advisory.php?v=133
http://www.openwall.com/lists/oss-security/2015/07/07/1
http://www.openwall.com/lists/oss-security/2015/07/10/5
Common Vulnerability Exposure (CVE) ID: CVE-2015-5471
BugTraq ID: 75600
http://www.securityfocus.com/bid/75600
http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html
http://www.vapid.dhs.org/advisory.php?v=134
https://wpvulndb.com/vulnerabilities/8071
Common Vulnerability Exposure (CVE) ID: CVE-2015-5472
http://www.vapid.dhs.org/advisory.php?v=137
https://wpvulndb.com/vulnerabilities/8091
Common Vulnerability Exposure (CVE) ID: CVE-2015-5609
http://www.vapid.dhs.org/advisory.php?v=135
http://www.openwall.com/lists/oss-security/2015/07/13/10
http://www.openwall.com/lists/oss-security/2015/07/21/1
Common Vulnerability Exposure (CVE) ID: CVE-2015-9406
https://packetstormsecurity.com/files/133778/
https://wpvulndb.com/vulnerabilities/9890
Common Vulnerability Exposure (CVE) ID: CVE-2015-9470
https://packetstormsecurity.com/files/132279/
https://wordpress.org/plugins/history-collection/#developers
Common Vulnerability Exposure (CVE) ID: CVE-2015-9480
https://www.exploit-db.com/exploits/37252
Common Vulnerability Exposure (CVE) ID: CVE-2016-10924
https://wordpress.org/plugins/ebook-download/#developers
Common Vulnerability Exposure (CVE) ID: CVE-2016-10956
https://cxsecurity.com/issue/WLB-2016080220
https://wordpress.org/plugins/mail-masta/#developers
https://wpvulndb.com/vulnerabilities/8609
Common Vulnerability Exposure (CVE) ID: CVE-2017-1002008
https://www.exploit-db.com/exploits/41622/
http://www.vapidlabs.com/advisory.php?v=187
https://wordpress.org/plugins/membership-simplified-for-oap-members-only
https://wpvulndb.com/vulnerabilities/8777
Common Vulnerability Exposure (CVE) ID: CVE-2018-16283
https://www.exploit-db.com/exploits/45438/
http://seclists.org/fulldisclosure/2018/Sep/32
https://wpvulndb.com/vulnerabilities/9132
Common Vulnerability Exposure (CVE) ID: CVE-2018-16299
https://www.exploit-db.com/exploits/45439/
http://seclists.org/fulldisclosure/2018/Sep/33
https://github.com/julianburr/wp-plugin-localizemypost/issues/1
https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7422
https://www.exploit-db.com/exploits/44340/
http://seclists.org/fulldisclosure/2018/Mar/40
https://wpvulndb.com/vulnerabilities/9044
Common Vulnerability Exposure (CVE) ID: CVE-2018-9118
https://www.exploit-db.com/exploits/44417/
https://wpvulndb.com/vulnerabilities/9056
Common Vulnerability Exposure (CVE) ID: CVE-2019-14205
https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown
https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
https://wordpress.org/plugins/adaptive-images/#developers
https://wpvulndb.com/vulnerabilities/9468
Common Vulnerability Exposure (CVE) ID: CVE-2019-14206
Common Vulnerability Exposure (CVE) ID: CVE-2019-9618
http://seclists.org/fulldisclosure/2019/Mar/32
http://seclists.org/fulldisclosure/2019/Mar/26
https://wordpress.org/plugins/gracemedia-media-player/#developers
https://wpvulndb.com/vulnerabilities/9234
Common Vulnerability Exposure (CVE) ID: CVE-2020-11738
http://packetstormsecurity.com/files/160621/WordPress-Duplicator-1.3.26-Directory-Traversal-File-Read.html
http://packetstormsecurity.com/files/164533/WordPress-Duplicator-1.3.26-Arbitrary-File-Read.html
https://cwe.mitre.org/data/definitions/23.html
https://snapcreek.com/duplicator/docs/changelog/?lite
https://www.wordfence.com/blog/2020/02/active-attack-on-recently-patched-duplicator-plugin-vulnerability-affects-over-1-million-sites/
Common Vulnerability Exposure (CVE) ID: CVE-2021-39316
http://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316
Common Vulnerability Exposure (CVE) ID: CVE-2022-1119
https://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edit
https://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880
https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff21241d-e488-4460-b8c2-d5a070c8c107?source=cve
Common Vulnerability Exposure (CVE) ID: CVE-2024-12209
Copyright: Copyright (C) 2020 Greenbone AG
