CVE-2015-5471
MEDIUM EXPLOITED NUCLEISwim Team plugin <1.44.10777 - Path Traversal
Title source: llmDescription
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Larry W. Cashdollar · textwebappsphp
https://www.exploit-db.com/exploits/37601
Nuclei Templates (1)
Swim Team <= v1.44.10777 - Local File Inclusion
MEDIUMby 0x_Akoko
References (6)
Scores
CVSS v3
5.3
EPSS
0.5400
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitation Intel
VulnCheck KEV
2026-02-12
Classification
CWE
CWE-22
Status
draft
Affected Products (1)
swim_team_project/swim_team
Timeline
Published
Jan 12, 2016
Tracked Since
Feb 18, 2026