CVE-2013-7240

NUCLEI

Advanced Dewplayer <1.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Henri Salo · textwebappsphp
https://www.exploit-db.com/exploits/38936

Nuclei Templates (1)

WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
MEDIUMby daffainfo

References (4)

Scores

EPSS 0.4145
EPSS Percentile 97.4%

Details

CWE
CWE-22
Status published
Products (2)
westerndeal/advanced_dewplayer 1.2
wordpress/wordpress
Published Jan 03, 2014
Tracked Since Feb 18, 2026