CVE-2015-5065

EXPLOITED

Intelligent-it Paypal Currency Conver... - Path Traversal

Title source: rule

Description

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kuroi'SH · textwebappsphp

https://www.exploit-db.com/exploits/37253

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-Basic-For-Woocommerce-1.3-File-Read.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75416

[Third Party Advisory] https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerce

[Patch, Third Party Advisory] https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/changelog/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/37253/

Scores

EPSS 0.3540

EPSS Percentile 97.1%

Details

VulnCheck KEV 2015-10-05

CWE

CWE-22

Status published

Products (1)

intelligent-it/paypal_currency_converter_basic_for_woocommerce < 1.4

Published Jun 24, 2015

Tracked Since Feb 18, 2026