Описание
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerceThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerceThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.4 (исключая)
cpe:2.3:a:intelligent-it:paypal_currency_converter_basic_for_woocommerce:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 97%
0.41339
Средний
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
EPSS
Процентиль: 97%
0.41339
Средний
5 Medium
CVSS2
Дефекты
CWE-22