CVE-2015-5471
MEDIUM EXPLOITED NUCLEISwim Team plugin <1.44.10777 - Path Traversal
Title source: llmDescription
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Larry W. Cashdollar · textwebappsphp
https://www.exploit-db.com/exploits/37601
Nuclei Templates (1)
Swim Team <= v1.44.10777 - Local File Inclusion
MEDIUMby 0x_Akoko
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/
Exploit x_refsource_misc
http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html
Exploit x_refsource_misc
https://wpvulndb.com/vulnerabilities/8071
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75600
Exploit x_refsource_misc
http://www.vapid.dhs.org/advisory.php?v=134
Patch, Vendor Advisory x_refsource_confirm
https://wordpress.org/support/topic/security-vulnerability-6
Scores
CVSS v3
5.3
EPSS
0.5400
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
VulnCheck KEV
2026-02-12
CWE
CWE-22
Status
published
Products (1)
swim_team_project/swim_team
1.44.10777
Published
Jan 12, 2016
Tracked Since
Feb 18, 2026