Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-2674. PoCs published by Glyn Wintle.
AI-analyzed exploit summary
This is a writeup describing a local file inclusion vulnerability in Ajax Pagination (twitter Style) 1.1. The vulnerability allows unauthenticated users to include any local file ending in '.php' via the 'loop' parameter in a POST request to the 'wp_ajax_nopriv_ajax_navigation' function.
Description
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N