ThreatPress

WordPress Vulnerabilities Database

WordPress Cart66 Lite Plugin <= 1.5.3 - Directory Traversal

Product
Cart66 Lite
Description
This vulnerability allows authenticated users to read arbitrary files through the member_download action of wp-admin/admin-ajax.php.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2014-9461
Versions
Affected In <= 1.5.3
Fixed In 1.5.4
Disclosure date
2015-01-02