WP Marketplace <= 2.4.0 - Arbitrary File Download

Affects Plugin

fixed in version 2.4.1
- plugin closed

References

CVE 2014-9013
CVE 2014-9014
ExploitDB 36466
PacketStorm 131018
URL http://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Kacper Szurek
Submitter Website http://security.szurek.pl/
Submitter Twitter KacperSzurek
Views 4300
Verified No
WPVDB ID 7861

Timeline

Publicly Published 2015-03-21 (over 5 years ago)
Added 2015-03-22 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin