VYPR
Unrated severityNVD Advisory· Published Sep 3, 2014· Updated Jun 17, 2026No known patch

CVE-2014-5465

CVE-2014-5465

Description

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:werdswords:download_shortcode:0.1:*:*:*:*:wordpress:*:*+ 3 more
    • cpe:2.3:a:werdswords:download_shortcode:0.1:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:werdswords:download_shortcode:0.2.2:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:werdswords:download_shortcode:0.2:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:werdswords:download_shortcode:*:*:*:*:*:wordpress:*:*range: <=0.2.3
  • Range: <=0.2.3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.