CVE-2014-4937

BookX 1.7 - Path Traversal via File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4937. PoCs published by Anant Shrivastava.

AI-analyzed exploit summary: The exploit describes a local file inclusion (LFI) vulnerability in the BookX WordPress plugin, allowing attackers to read arbitrary files by manipulating the 'file' parameter. No actual exploit code is provided, only example URLs demonstrating the vulnerability.

Description

Directory traversal vulnerability in includes/bookx_export.php in the BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Anant Shrivastava · text · webapps · php
https://www.exploit-db.com/exploits/39251

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: BookX WordPress plugin 1.7
No auth needed
Prerequisites: Access to the vulnerable WordPress plugin endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0886
EPSS Percentile: 94.5%

Details

CWE: CWE-22
Status: published
Products (1): bookx_plugin_project/bookx 1.7
Published: Jul 11, 2014
Tracked Since: Feb 18, 2026