Wpmarketplace Project Wpmarketplace vulnerabilities
2 known vulnerabilities affecting wpmarketplace_project/wpmarketplace.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2014-9013P2HIGHCVSS 8.8PoCv2.4.02019-11-06
CVE-2014-9013 [HIGH] CWE-20 CVE-2014-9013: The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPres
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.
nvd
CVE-2014-9014P3MEDIUMCVSS 4.3PoCv2.4.02019-11-06
CVE-2014-9014 [MEDIUM] CWE-22 CVE-2014-9014: Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
nvd