CVE-2015-7669

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to perform directory traversal attacks via the csvfile parameter in the Easy2Map WordPress plugin. Attackers can include and execute arbitrary files on the server, potentially leading to remote code execution. All WordPress sites running Easy2Map plugin versions before 1.3.0 are affected.

💻 Affected Systems

Products:
  • WordPress Easy2Map plugin
Versions: All versions before 1.3.0
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default plugin configuration. Requires plugin to be installed and active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, website defacement, malware distribution, or use as part of a botnet.

🟠 Likely Case

Remote code execution allowing attackers to upload webshells, modify website content, or steal sensitive data.

🟢 If Mitigated

Limited impact if proper file permissions and web application firewalls are in place, though directory traversal may still expose sensitive files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward via HTTP requests to vulnerable endpoints with directory traversal payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.0

Vendor Advisory: https://wordpress.org/plugins/easy2map/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Easy2Map plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install version 1.3.0 or later from the WordPress repository.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Deactivate and remove the Easy2Map plugin if not essential

wp plugin deactivate easy2map
wp plugin delete easy2map

Web Application Firewall rule

all

Block requests containing directory traversal patterns to vulnerable endpoints

🧯 If You Can't Patch

  • Implement strict file permissions on web directories to limit damage
  • Deploy web application firewall with rules blocking directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Easy2Map version. If version is below 1.3.0, system is vulnerable.

Check Version:

wp plugin list --name=easy2map --field=version

Verify Fix Applied:

Confirm Easy2Map plugin version is 1.3.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /wp-content/plugins/easy2map/includes/MapImportCSV*.php with ../ patterns in parameters
  • Unusual file inclusion or execution attempts in web server logs

Network Indicators:

  • HTTP POST requests with csvfile parameter containing directory traversal sequences (../, ..\)

SIEM Query:

source="web_logs" AND (uri_path="*MapImportCSV*.php" AND (param="*../*" OR param="*..\*"))
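The log and network indicators above can be turned into a small offline check. The following script is an added example written for this page, not code from the advisory or from the Easy2Map project: it parses access-log lines in the common "combined" format, keeps only requests to the MapImportCSV*.php endpoint named above, and flags any query parameter that contains a `../` or `..\` sequence after percent-decoding (so single- and double-URL-encoded variants are caught as well, which the plain SIEM wildcard above would miss). The log lines embedded at the bottom are constructed sample data, and the `combined` log format is an assumption about the deployment.

```python
"""
Added example (not part of the original advisory): flag access-log requests
that match the CVE-2015-7669 indicators (traversal in parameters sent to the
Easy2Map MapImportCSV*.php endpoint).

Assumptions: logs are in Apache/Nginx "combined" format; the endpoint path and
the csvfile parameter name come from the advisory; all log lines below are
constructed sample data, not real traffic.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# combined format: ip ident user [time] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Endpoint from the advisory's log indicators (MapImportCSV*.php).
ENDPOINT_RE = re.compile(
    r'/wp-content/plugins/easy2map/includes/MapImportCSV[^/]*\.php$', re.I
)
# Traversal sequence after decoding: "../" or "..\".
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences normalise to plain text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_line(line):
    """Return a finding dict for a request matching the indicators, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    parts = urlsplit(m.group('target'))
    if not ENDPOINT_RE.search(decode_fully(parts.path)):
        return None  # traversal elsewhere is not this CVE's endpoint
    # parse_qsl already decodes once; decode_fully handles further layers.
    params = parse_qsl(parts.query, keep_blank_values=True)
    hits = [(k, decode_fully(v)) for k, v in params
            if TRAVERSAL_RE.search(decode_fully(v))]
    if not hits:
        return None
    return {
        'ip': m.group('ip'),
        'time': m.group('time'),
        'method': m.group('method'),
        'status': int(m.group('status')),
        'params': hits,
        'csvfile_abused': any(k == 'csvfile' for k, _ in hits),
    }


def scan(lines):
    """Run analyse_line over every line and keep the findings, in log order."""
    return [f for f in (analyse_line(line) for line in lines) if f]


def summarise(findings):
    """Count findings per source IP, useful for a quick triage list."""
    return Counter(f['ip'] for f in findings)


# Constructed sample log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    # benign use of the endpoint: relative file name, no traversal
    '203.0.113.5 - - [10/Oct/2015:13:55:36 +0000] "GET /wp-content/plugins/easy2map/includes/MapImportCSV.php?csvfile=maps/export.csv HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # plain traversal in the csvfile parameter
    '198.51.100.7 - - [10/Oct/2015:13:57:02 +0000] "GET /wp-content/plugins/easy2map/includes/MapImportCSV.php?csvfile=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/7.35.0"',
    # URL-encoded traversal; the plain "*../*" SIEM wildcard would not match this
    '198.51.100.7 - - [10/Oct/2015:13:57:40 +0000] "GET /wp-content/plugins/easy2map/includes/MapImportCSV.php?csvfile=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 180 "-" "curl/7.35.0"',
    # traversal against an unrelated path: not this CVE's endpoint, so not flagged here
    '192.0.2.9 - - [10/Oct/2015:14:01:11 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f['time']} {f['ip']} {f['method']} status={f['status']} params={f['params']}")
    print('per-IP counts:', dict(summarise(results)))
```

A `200` status on a flagged request is the case worth escalating: it suggests the include succeeded before the 1.3.0 fix was applied, whereas a `403` or `404` usually means a WAF rule or the patched plugin rejected it. The script deliberately ignores traversal attempts on other paths so that it stays specific to this CVE; a broader traversal hunt would drop the endpoint filter.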
