Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-8801Path Traversal in Paid Memberships PRO

CWE-22Path Traversal4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
30.5%
top 3.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Strangerstudios Paid Memberships PRO
Timeline
PublishedNov 28
Latest updateMay 13

Description

Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-245j-xvm7-rm2r: Directory traversal vulnerability in services/getfile2022-05-13
CVEList
CVE-2014-8801: Directory traversal vulnerability in services/getfile2014-11-28

💥Exploits & PoCs

1
Exploit-DB
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal2014-11-19
CVE-2014-8801 — Path Traversal in Paid Memberships PRO | cvebase