
CVE-2014-9014

Published: 06/11/2019 Updated: 08/11/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 410
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin prior to 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.

Vulnerable Product

wpmarketplace project wpmarketplace 2.4.0

Exploits

WordPress Marketplace version 2.4.0 suffers from an arbitrary file download vulnerability ...

# Exploit Title: WP Marketplace 2.4.0 Arbitrary File Download
# Date: 26-10-2014
# Software Link: wordpress.org/plugins/wpmarketplace/
# Exploit Author: Kacper Szurek
# Contact: twitter.com/KacperSzurek
# Website: security.szurek.pl/
# Category: webapps
# CVE: CVE-2014-9013 and CVE-2014-9014
1. Description
Anyone can run use ...

#!/usr/bin/python
#
# Exploit Name: WP Marketplace 2.4.0 Remote Command Execution
#
# Vulnerability discovered by Kacper Szurek (security.szurek.pl)
#
# Exploit written by Claudio Viviani
#
# --------------------------------------------------------------------
#
# The vulnerable function is located on "wpmarketplace/libs/cart.php" file: ...