CVE-2015-4694
Published 2016-01-08
Priority: P2 · 68 · high · CVSS 3.0: 8.6
EXPLOIT
EPSS: 15.65% (96.4th percentile)
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zip_attachments_project | zip_attachments | <= 1.5 | — |
Detection & IOCs (extracted from sources)
URL: /wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd
- Look for GET requests to download.php in the zip-attachments plugin directory containing '../' sequences in the za_file parameter, indicating directory traversal attempts.
- Use the Google dork inurl:"/wp-content/plugins/zip-attachments" to identify potentially vulnerable WordPress installations exposed on the internet.
- A successful exploitation response will return HTTP 200 and contain the /etc/passwd file content matching the pattern root:[x*]:0:0.
- The NVD advisory states the vulnerability affects versions before 1.5.1, but the Nuclei template targets versions <= 1.1.4. Ensure detection coverage accounts for the full affected range up to 1.5.1.
- The plugin does not validate the download path of the requested file at all, meaning any path traversal sequence in za_file is passed directly to the filesystem; no bypass encoding is needed for basic exploitation.
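The first detection note above can be turned into a small log scanner. The following is an added example, not code from this page or from the plugin; the access log lines are constructed, and the checker goes a little beyond the note by also catching percent-encoded, double-encoded and backslash variants of the traversal sequence.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

DOWNLOAD_PATH = "/wp-content/plugins/zip-attachments/download.php"

# Constructed sample lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2015:10:01:02 +0000] "GET /wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd HTTP/1.1" 200 1823 "-" "curl/7.43.0"
203.0.113.11 - - [12/Jun/2015:10:02:15 +0000] "GET /wp-content/plugins/zip-attachments/download.php?za_file=report.zip&za_filename=report.zip HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.12 - - [12/Jun/2015:10:03:44 +0000] "GET /wp-content/plugins/zip-attachments/download.php?za_file=..%2F..%2Fwp-config.php&za_filename=x HTTP/1.1" 200 2910 "-" "python-requests/2.7"
203.0.113.13 - - [12/Jun/2015:10:04:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(za_file: str) -> bool:
    """True if the za_file value escapes the intended directory."""
    decoded = za_file
    for _ in range(3):  # undo double/triple percent-encoding
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    decoded = decoded.replace("\\", "/")  # treat backslashes as separators
    return ".." in decoded.split("/") or decoded.startswith("/")


def scan_log(text: str) -> list[dict]:
    """Return one record per request that looks like CVE-2015-4694 abuse."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith(DOWNLOAD_PATH):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # decodes %xx once
        for value in query.get("za_file", []):
            if is_traversal(value):
                status = int(m["status"])
                hits.append({"ip": m["ip"], "ts": m["ts"], "za_file": unquote(value),
                             "status": status, "likely_success": status == 200})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```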
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Nuclei
CVE-2015-4694 [HIGH] WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval (nuclei · CVSS 8.6)
WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.
Template:
```yaml
id: CVE-2015-4694
info:
  name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
  author: 0x_Akoko
  severity: high
  description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.
  impact: |
    Arbitrary file retrieval
  remediation: |
    Update to the latest version of the WordPress Zip Attachments plugin (1.1.4) or remove the plugin if not needed.
  reference:
    - https://wordpress.org/plugins/zip-attachments/#developers
    - https://wpscan.com/vulnerability/8047
    - https://nvd.nist.gov/vuln/detail/CVE-2015-4694
    - http://w
```
References
- http://www.openwall.com/lists/oss-security/2015/06/12/4
- http://www.openwall.com/lists/oss-security/2015/06/21/2
- http://www.securityfocus.com/bid/75211
- http://www.vapid.dhs.org/advisory.php?v=126
- https://wordpress.org/plugins/zip-attachments/changelog/
- https://wordpress.org/support/topic/zip-attachments-wordpress-plugin-v114-arbitrary-file-download-vulnerability?replies=1
- https://wpvulndb.com/vulnerabilities/8047