CVE-2015-9455
CVE-2015-9455 affects the WordPress plugin buddypress-activity-plus (versions before 1.6.2). The vulnerability is a CSRF leading to directory traversal via the wp-admin/admin-ajax.php parameter bpfb_photos[] in the action bpfb_remove_temp_images. This can enable an attacker to traverse director...