Vulnerability Details CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.305
EPSS Ranking 96.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html
- http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html
- http://www.exploit-db.com/exploits/35303
- http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/
- http://www.securityfocus.com/bid/71293
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98805
- https://wordpress.org/plugins/paid-memberships-pro/changelog/
- http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html
- http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html
- http://www.exploit-db.com/exploits/35303
- http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/
- http://www.securityfocus.com/bid/71293
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98805
- https://wordpress.org/plugins/paid-memberships-pro/changelog/
Products affected by CVE-2014-8801
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:-
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.11
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.12
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.13
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.15
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.11
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.12
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.13
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.14
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.15
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.16
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.17
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.17.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.18
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.18.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.19
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.5.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.6.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.9.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.9.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.6.0.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.6.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.10.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.10.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.11
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.12
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.13
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.13.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.14
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.14.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.14.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.3.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.8.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.8.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.9.1