Medium severity5.3NVD Advisory· Published Jan 12, 2016· Updated May 6, 2026

CVE-2015-5471

Description

Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.

Affected products

Swim Team Project/Swim Team
cpe:2.3:a:swim_team_project:swim_team:1.44.10777:*:*:*:*:wordpress:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/support/topic/security-vulnerability-6nvdPatchVendor Advisory
packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.htmlnvdExploit
www.vapid.dhs.org/advisory.phpnvdExploit
wpvulndb.com/vulnerabilities/8071nvdExploit
michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/nvd
www.securityfocus.com/bid/75600nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.043
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000