3 matches found
WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE
The WordPress ShowBiz Pro plugin version = 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint.This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro = 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...
CVE-2015-9499
creationtimestamp| type| source ---|---|--- 2019-10-23 00:27:26+00:00| seen| https://t.me/cibsecurity/7569 2019-10-28 15:46:25+00:00| seen| https://t.me/cibsecurity/7692 2025-06-12 11:30:37+00:00| confirmed|...
CVE-2015-9499
CVE-2015-9499 affects the WordPress ShowBiz Pro plugin (≤ 1.7.1). The connected template details an authenticated arbitrary file upload to the WordPress admin endpoint (admin-ajax.php) that can upload a PHP file (e.g., inside a ZIP) and lead to remote code execution. Impact described: full server...