CVE-2014-2674

HIGH

Ajax Pagination (twitter Style) <1.1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2674. PoCs published by Glyn Wintle.

AI-analyzed exploit summary This is a writeup describing a local file inclusion vulnerability in Ajax Pagination (twitter Style) 1.1. The vulnerability allows unauthenticated users to include any local file ending in '.php' via the 'loop' parameter in a POST request to the 'wp_ajax_nopriv_ajax_navigation' function.

Description

Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb WRITEUP
by Glyn Wintle · textwebappsphp
https://www.exploit-db.com/exploits/32622

This is a writeup describing a local file inclusion vulnerability in Ajax Pagination (twitter Style) 1.1. The vulnerability allows unauthenticated users to include any local file ending in '.php' via the 'loop' parameter in a POST request to the 'wp_ajax_nopriv_ajax_navigation' function.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Ajax Pagination (twitter Style) 1.1
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.1568
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
ajax-pagination_project/ajax-pagination 1.1
Published Mar 19, 2018
Tracked Since Feb 18, 2026