CVE-2015-5468
published 2017-05-23

Priority: P178 (high)
CVSS 3.0: 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 24.09% (97.6th percentile)
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.

Affected (1 range)

Vendor: wpshopstyling
Product: wp_e-commerce_shop_styling
Version range: <= 2.5
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

path: /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php
url: /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd
  • Detect HTTP requests to the vulnerable download.php endpoint with directory traversal sequences (../) in the 'filename' query parameter.
  • Monitor GET requests targeting /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php with a filename parameter containing '../' path traversal sequences, particularly attempts to reach /etc/passwd or other sensitive system files.
  • The downloaded file will be named after the traversed path (with path separators replaced by dashes), e.g. '-..-..-..-..-..-..-..-..-etc-passwd'; monitor for such anomalously named files in download activity.
  • The vulnerability exists in plugin versions before 2.6; the fix was introduced in version 2.6. Ensure the plugin is updated to 2.6 or later to remediate.
  • The vulnerable code in download.php performs no sanitization of the user-supplied 'filename' parameter, allowing arbitrary file reads from the server filesystem.
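The detection logic described in the bullets above, as an added example that is not part of this record: it parses web-server access-log lines in the common "combined" format, keeps only requests to the download.php endpoint named above, percent-decodes the 'filename' query parameter, and flags any value containing a '..' path segment. The log format, the sample lines and the field names in the finding are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Vulnerable endpoint from the advisory (path relative to the WordPress document root).
VULN_ENDPOINT = "/wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php"

# Apache/nginx "combined" access-log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def has_traversal(filename: str) -> bool:
    """True if any path segment of the already-decoded filename is '..' (either separator)."""
    return any(seg == ".." for seg in re.split(r"[\\/]+", filename))

def scan_line(line: str):
    """Return a finding for a request to download.php whose filename traverses, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(VULN_ENDPOINT):
        return None
    # parse_qs percent-decodes values, so an encoded "../" is normalised before the check.
    params = parse_qs(parts.query, keep_blank_values=True)
    for fname in params.get("filename", []):
        if has_traversal(fname):
            return {"ip": m.group("ip"), "ts": m.group("ts"),
                    "filename": fname, "status": int(m.group("status"))}
    return None

def scan_log(lines):
    """Run scan_line over an iterable of log lines and collect the findings."""
    return [f for f in map(scan_line, lines) if f]

# Constructed sample lines (not taken from any real server): a legitimate download, the
# advisory's traversal URL, the same target percent-encoded, and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [23/May/2017:10:00:01 +0000] "GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=invoice-1234.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/May/2017:10:00:02 +0000] "GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd HTTP/1.1" 200 1804 "-" "curl/7.52.1"',
    '198.51.100.7 - - [23/May/2017:10:00:03 +0000] "GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1804 "-" "curl/7.52.1"',
    '192.0.2.9 - - [23/May/2017:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request is the strongest signal, since the unpatched plugin serves the traversed file; a 404 or 403 on the same pattern still indicates a probe worth correlating by client IP.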

CVSS provenance

NVD, CVSS v3.0: 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
VulnCheck: 7.5 HIGH