CVE-2012-4915

Google Doc Embedder <2.5.4 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/23970

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Charlie Eriksen · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/88891

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/57133

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80930

[Third Party Advisory] http://secunia.com/advisories/50832

Scores

EPSS 0.7736

EPSS Percentile 99.0%

Details

CWE

CWE-22

Status published

Products (18)

davistribe/google_doc_embedder 2.0

davistribe/google_doc_embedder 2.1

davistribe/google_doc_embedder 2.2

davistribe/google_doc_embedder 2.2.1

davistribe/google_doc_embedder 2.2.2

davistribe/google_doc_embedder 2.2.3

davistribe/google_doc_embedder 2.3

davistribe/google_doc_embedder 2.4

davistribe/google_doc_embedder 2.4.1

davistribe/google_doc_embedder 2.4.2

... and 8 more

Published May 29, 2014

Tracked Since Feb 18, 2026