VYPR

WP Marketplace

by WordPress

CVEs (2)

  • CVE-2014-9013HigNov 6, 2019
    risk 0.64cvss 8.8epss 0.48

    The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.

  • CVE-2014-9014MedNov 6, 2019
    risk 0.32cvss 4.3epss 0.12

    Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.