ThreatPress

WordPress Vulnerabilities Database

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

Product: Paid Memberships Pro

Description: The vulnerability is in services/getfile.php. It allows attackers to read arbitrary files via the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.

Solution: Update the plugin.

Classification
Type: Information Disclosure

References
CVE Mitre
CVE Name: CVE-2014-8801

Versions
Affected In: <= 1.7.14
Fixed In: 1.7.15

Disclosure date: 2014-11-13

Credits: Kacper Szurek