CVE-2013-7240

Advanced Dewplayer <1.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7240. PoCs published by Henri Salo. A Nuclei detection template is also available.

AI-analyzed exploit summary: The exploit describes a directory traversal vulnerability in the Advanced Dewplayer WordPress plugin, allowing attackers to read arbitrary files by manipulating the 'dew_file' parameter. The provided URL demonstrates accessing 'wp-config.php' via path traversal sequences.

Description

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Henri Salo · text · webapps · php
https://www.exploit-db.com/exploits/38936

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Advanced Dewplayer WordPress plugin 1.2
Authentication: No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
MEDIUM · by daffainfo

References (4)

Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/570
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64587
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/566

Scores

EPSS 0.4145
EPSS Percentile 97.5%

Details

CWE: CWE-22
Status: published
Products (2):
westerndeal/advanced_dewplayer 1.2
wordpress/wordpress
Published: Jan 03, 2014
Tracked Since: Feb 18, 2026