CVE-2015-4694

high-risk
Published 2016-01-08

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.

Do I need to act?

!
32.5% chance of exploitation in next 30 days
EPSS score — higher than 67% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Zip Attachments Project

References (14)

Exploit http://www.openwall.com/lists/oss-security/2015/06/12/4
Exploit http://www.openwall.com/lists/oss-security/2015/06/21/2
http://www.securityfocus.com/bid/75211
Exploit http://www.vapid.dhs.org/advisory.php?v=126
Patch https://wordpress.org/plugins/zip-attachments/changelog/
https://wordpress.org/support/topic/zip-attachments-wordpress-plugin-v114-arbitr...
https://wpvulndb.com/vulnerabilities/8047
Exploit http://www.openwall.com/lists/oss-security/2015/06/12/4
Exploit http://www.openwall.com/lists/oss-security/2015/06/21/2
http://www.securityfocus.com/bid/75211
Exploit http://www.vapid.dhs.org/advisory.php?v=126
Patch https://wordpress.org/plugins/zip-attachments/changelog/
https://wordpress.org/support/topic/zip-attachments-wordpress-plugin-v114-arbitr...
https://wpvulndb.com/vulnerabilities/8047
50
/ 100
high-risk
Severity 29/34 · Critical
Exploitability 16/34 · Moderate
Exposure 5/34 · Minimal