CVE-2015-5482

GD bbPress Attachments <2.3 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.

Scores

EPSS 0.0181
EPSS Percentile 75.9%

Details

CWE
CWE-22
Status published
Products (1)
dev4press/gd_bbpress_attachments < 2.2
Published Aug 18, 2015
Tracked Since Feb 18, 2026