CVE-2011-1669

NUCLEI

WP Custom Pages <0.5.0.1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.

Exploits (1)

exploitdb WORKING POC

by AutoSec Tools · textwebappsphp

https://www.exploit-db.com/exploits/17119

View Code ZIP pw:eip

Nuclei Templates (1)

WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)

MEDIUMby daffainfo

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/71707

[Vendor Advisory] http://secunia.com/advisories/43963

[Exploit] http://www.autosectools.com/Advisories/WordPress.WP.Custom.Pages.0.5.0.1_Local.File.Inclusion_169.html

[Exploit] http://www.exploit-db.com/exploits/17119

[Exploit, Patch] http://www.securityfocus.com/bid/47146

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66559

Scores

EPSS 0.0120

EPSS Percentile 78.6%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

mikoviny/wp_custom_pages

Timeline

Published Apr 10, 2011

Tracked Since Feb 18, 2026