cbcvebase.
CVE-2014-8799
published 2014-11-28

CVE-2014-8799: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote…

PriorityP356medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
68.46%
99.2th percentile
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
dukapressdukapress<= 2.5.3

Detection & IOCsextracted from sources · hover to see the quote

url/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php
path/wp-content/plugins/dukapress/lib/dp_image.php
  • Look for GET requests to dp_image.php with a 'src' parameter containing directory traversal sequences (../) targeting wp-config.php or other sensitive files.
  • Successful exploitation returns wp-config.php contents; match response body for WordPress database credential strings DB_NAME, DB_PASSWORD, DB_USER, DB_HOST.
  • The vulnerable code path is triggered when $_REQUEST['w'] and $_REQUEST['h'] are absent, causing dp_img_resize() to return the raw src value and pass it to file_get_contents().
  • Use Google dork to identify exposed WordPress installations running the DukaPress plugin as potential targets.
  • ·Vulnerability affects DukaPress plugin versions up to and including 2.5.3; version 2.5.4 contains the fix. The Metasploit module targets <= 2.5.3.
  • ·The exploit requires no authentication (Au:N) and is network-accessible, making it trivially exploitable against any exposed WordPress instance with the vulnerable plugin installed.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.