CVE-2015-5065 — MEDIUM (5.0)

Q: How severe is CVE-2015-5065?

CVE-2015-5065 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5065?

Check the references section above for vendor advisories and patch information. Affected products include: Intelligent-It Paypal Currency Converter Basic For Woocommerce.

Vulnerability Description

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Intelligent-It	Paypal Currency Converter Basic For Woocommerce	< 1.4

Related Weaknesses (CWE)

CWE-22

References

http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/75416Third Party AdvisoryVDB Entry
https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-bThird Party Advisory
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/chPatchThird Party Advisory
https://www.exploit-db.com/exploits/37253/ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/75416Third Party AdvisoryVDB Entry
https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-bThird Party Advisory
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/chPatchThird Party Advisory
https://www.exploit-db.com/exploits/37253/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2015-5065?

CVE-2015-5065 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read ...

How severe is CVE-2015-5065?

CVE-2015-5065 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5065?

Check the references section above for vendor advisories and patch information. Affected products include: Intelligent-It Paypal Currency Converter Basic For Woocommerce.