5
CVSSv2

CVE-2014-5465

Published: 03/09/2014 Updated: 03/09/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and previous versions for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

werdswords download shortcode 0.2

werdswords download shortcode 0.1

werdswords download shortcode

werdswords download shortcode 0.2.2

Exploits

################################################################################################# # # Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability # Severity : High+/Critical # Reporter(s) : Mehdi Karout & Christian Galeone # Google Dork : inurl:wp/wp-content/force-download ...

Mailing Lists

WordPress ShortCode plugin version 023 suffers from a local file inclusion vulnerability Note that this finding houses site-specific data ...