CVE-2015-5482
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
18/08/2015
Last modified:
12/04/2025
Description
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dev4press:gd_bbpress_attachments:*:*:*:*:*:wordpress:*:* | 2.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt
- https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/
- https://wordpress.org/plugins/gd-bbpress-attachments/changelog/
- https://wpvulndb.com/vulnerabilities/8087
- https://packetstormsecurity.com/files/132656/wpgdbbpress-lfi.txt
- https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/
- https://wordpress.org/plugins/gd-bbpress-attachments/changelog/
- https://wpvulndb.com/vulnerabilities/8087