ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Swim Team Plugin <= 1.44.10777 - Absolute Path Traversal

Product
Swim Team
Description
This vulnerability is in include/user/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2015-5471
Versions
Affected In <= 1.44.10777
Fixed In 1.45
Disclosure date
2015-07-10
Credits
Larry W. Cashdollar