Vulnerability Details CVE-2015-7669
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/536597/100/0/threaded
- https://wordpress.org/plugins/easy2map/#developers
- https://wpvulndb.com/vulnerabilities/8206
- http://www.securityfocus.com/archive/1/536597/100/0/threaded
- https://wordpress.org/plugins/easy2map/#developers
- https://wpvulndb.com/vulnerabilities/8206
Products affected by CVE-2015-7669
-
cpe:2.3:a:easy2map:easy2map:1.0.1
-
cpe:2.3:a:easy2map:easy2map:1.0.5
-
cpe:2.3:a:easy2map:easy2map:1.0.6
-
cpe:2.3:a:easy2map:easy2map:1.1.0
-
cpe:2.3:a:easy2map:easy2map:1.1.2
-
cpe:2.3:a:easy2map:easy2map:1.1.8
-
cpe:2.3:a:easy2map:easy2map:1.2.0
-
cpe:2.3:a:easy2map:easy2map:1.2.1
-
cpe:2.3:a:easy2map:easy2map:1.2.4
-
cpe:2.3:a:easy2map:easy2map:1.2.6
-
cpe:2.3:a:easy2map:easy2map:1.2.7
-
cpe:2.3:a:easy2map:easy2map:1.2.9