CVE-2014-4577

NUCLEI

WP AmASIN <0.9.6 - Path Traversal

Title source: llm

Description

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.

Nuclei Templates (1)

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

MEDIUMby DhiyaneshDK

References (2)

[Exploit] http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion

[Vendor Advisory] http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt

Scores

EPSS 0.0182

EPSS Percentile 82.9%

Details

CWE

CWE-22

Status published

Products (1)

websupporter/wp_amasin_-_the_amazon_affiliate_shop < 0.9.6

Published Oct 21, 2014

Tracked Since Feb 18, 2026