2 matches found
CVE-2015-5482
The CVE refers to the WordPress plugin GD bbPress Attachments, affected versions prior to 2.3. The vulnerability is a directory traversal in the gdbbpress_attachments page (tab parameter) that allows remote administrators to include and execute local files via wp-admin/edit.php. Impact is arbitra...
CVE-2015-5481
The CVE-2015-5481 entry documents a Cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. Affects versions prior to 2.3, vulnerable code resides in forms/panels.php where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...