Medium severity5.3NVD Advisory· Published Jan 12, 2016· Updated May 6, 2026

CVE-2015-4703

Description

Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.

Affected products

Rename Project/Rename
cpe:2.3:a:rename_project:rename:1.0:*:*:*:*:wordpress:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.htmlnvdExploitPatch
www.openwall.com/lists/oss-security/2015/06/23/5nvdExploitPatch
www.vapid.dhs.org/advisory.phpnvdExploit
wpvulndb.com/vulnerabilities/8055nvdExploit
www.securityfocus.com/bid/75394nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000