CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-7240

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.778

EPSS Ranking 98.9%

CVSS Severity

CVSS v2 Score 5.0

References

http://seclists.org/oss-sec/2013/q4/566
http://seclists.org/oss-sec/2013/q4/570
http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal
http://www.securityfocus.com/bid/64587
http://seclists.org/oss-sec/2013/q4/566
http://seclists.org/oss-sec/2013/q4/570
http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal
http://www.securityfocus.com/bid/64587

Products affected by CVE-2013-7240

Westerndeal » Advanced Dewplayer » Version: 1.2

cpe:2.3:a:westerndeal:advanced_dewplayer:1.2
Wordpress » Wordpress » Version: N/A

cpe:2.3:a:wordpress:wordpress:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-7240

Products

Pricing

Contact Us