Medium severity4.3NVD Advisory· Published Nov 6, 2019· Updated Jun 17, 2026
CVE-2014-9014
CVE-2014-9014
Description
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Marketplace plugindescription
- Range: <2.4.1
Patches
Vulnerability mechanics
References
2- security.szurek.pl/wp-marketplace-240-arbitrary-file-download.htmlnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/36466/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.