CVE-2014-5368

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
22/08/2014
Last modified:
12/04/2025

Description

Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:wp_content_source_control_project:wp_content_source_control:*:*:*:*:*:wordpress:*:* 3.0.0 (including)