cleantalk
Vulnerabilities and Security Researches

Zip Attachments, CVE-2015-4694

CVE, Research URL

CVE-2015-4694

Home page URL

Security reports for Zip Attachments

Application

Zip Attachments

Published on
Jan 09, 2016
Research Description
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
Affected versions
max 1.5.1.
Status
vulnerable
Previous vulnerability researches
Zip Attachments (CVE-2015-4694) , Jun 07, 2024
Zip Attachments (CVE-2025-11692) , Nov 10, 2025
Zip Attachments (CVE-2025-11701) , Nov 10, 2025
New vulnerability
Password only login (CVE-2025-48093) , Nov 10, 2025
AI Engine (CVE-2025-11749) , Nov 10, 2025
Captivate Sync (CVE-2025-60221) , Nov 10, 2025
CE21 Suite (CVE-2025-11007) , Nov 10, 2025
CE21 Suite (CVE-2025-11008) , Nov 10, 2025