NuytsTech Security

CVE-2014-5465

by ·

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Date published : 2014-09-03

http://www.securityfocus.com/bid/69440

http://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html

Tags: