CVE-2015-1375

2015-01-2811:59:00

CWE-264

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.181 Low

EPSS

Percentile

96.2%

JSON

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Affected configurations

NVD

Node

pixabay_images_projectpixabay_imagesRange≤2.3wordpress

References

packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

seclists.org/fulldisclosure/2015/Jan/75

www.exploit-db.com/exploits/35846

www.openwall.com/lists/oss-security/2015/01/25/5

www.osvdb.org/117146

www.securityfocus.com/archive/1/534505/100/0/threaded

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php