ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WooCommerce Plugin <= 1.3 - Absolute Path Traversal

Product
WooCommerce
Description
This vulnerability is in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin. It allows an attacker to read arbitrary files in the "requrl" parameter via a full pathname.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2015-5065
Versions
Affected In <= 1.3
Fixed In 1.4
Disclosure date
2015-06-24
Credits
Kuroi'SH