CVE-2015-5065

EXPLOITED

Paypal Currency Converter Basic For WooCommerce < 1.4 - Unauthenticated Arbitrary File Read via requrl Parameter

Title source: llm

Exploitation Summary

CVE-2015-5065 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Kuroi'SH.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in the Paypal Currency Converter Basic For Woocommerce plugin. The proxy.php file reads and outputs the content of any file specified via the requrl parameter, allowing attackers to read sensitive files like /etc/passwd.

Description

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kuroi'SH · textwebappsphp

https://www.exploit-db.com/exploits/37253

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion vulnerability in the Paypal Currency Converter Basic For Woocommerce plugin. The proxy.php file reads and outputs the content of any file specified via the requrl parameter, allowing attackers to read sensitive files like /etc/passwd.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Paypal Currency Converter Basic For Woocommerce <=1.3

No auth needed

Prerequisites: Target must have the vulnerable plugin installed and accessible

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory x_refsource_confirm

https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerce

Patch, Third Party Advisory x_refsource_confirm

https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/changelog/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-Basic-For-Woocommerce-1.3-File-Read.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37253/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/75416

Scores

EPSS 0.1632

EPSS Percentile 96.5%

Details

VulnCheck KEV 2015-10-05

CWE

CWE-22

Status published

Products (1)

intelligent-it/paypal_currency_converter_basic_for_woocommerce < 1.4

Published Jun 24, 2015

Tracked Since Feb 18, 2026