CVE-2013-7240 — Vulnetix

CVE-2013-7240 PUBLISHED CVSS 5 MEDIUM

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

EPSS 41.46% · 97.5th percentile

Risk Scores

CVSS v2.0

EPSS Score

41.46%

97.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
wordpress	wordpress
westerndeal	advanced_dewplayer	1.2

Timeline

Dec 30, 2013 PoC Published
Jan 2, 2014 CVE Published
Feb 4, 2022 EPSS Score
May 20, 2022 EPSS Score
Jun 16, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Dec 17, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Apr 1, 2023 EPSS Score
Jul 15, 2023 EPSS Score
Sep 29, 2023 EPSS Score
Oct 28, 2023 EPSS Score

References

http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal url
[oss-security] 20131230 Re: CVE-request: Dewplayer issues mailing-list
64587 vdb
[oss-security] 20131230 CVE-request: Dewplayer issues mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2013-7240 advisory

Open in Interactive Console →