WordPress Plugin Vulnerabilities

History Collection <= 1.1.1 - Arbitraty File Download

Description

The history-collection WordPress plugin was affected by an Arbitraty File Download security vulnerability.

Affects Plugins

Plugin icon
history-collection
No known fix

References

CVE
CVE-2015-9470
Exploitdb
37254
URL
https://packetstormsecurity.com/files/#132279/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
85602620-dd55-4584-adfb-3fe9ba3b8bf4

Timeline

Publicly Published
2015-06-10 (about 8 years ago)
Added
2015-06-10 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2024-03-28
Title
SellKit < 1.8.3 - Authenticated (Subscriber+) Arbitrary File Download
Published
2021-10-19
Title
Images to WebP < 1.9 - Authenticated Local File Inclusion
Published
2015-01-15
Title
GI-Media Library < 3.0 - Arbitrary File Download
Published
2014-08-01
Title
LineNity 1.20 - download.php imgurl Parameter Remote Path Traversal File Access
Published
2015-06-03
Title
N-Media Website Contact Form with File Upload <= 1.5 - Local File Inclusion