CVE-2014-5187
published 2014-08-06CVE-2014-5187: Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter…
PriorityP338medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.72%
90.7th percentile
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tom_m8te_plugin_project | tom-m8te_plugin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
nuclei·CVSS 5.0
CVE-2014-5187 [MEDIUM] Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
Template:
id: CVE-2014-5187
info:
name: Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
author: DhiyaneshDK
severity: medium
description: |
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
impact: |
Remote attackers can read arbitrary files on the server, potentially leading to information disclosure or further exploitation.
remediation: |
Update to the latest version of the plugin or apply security patches to
No writeups or analysis indexed.
2014-08-06
Published