Vulnerability CVE-2015-1375

Vulnerability CVE-2015-1375

Published: 2015-01-28

Description:

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

See advisories in our WLB2 database:

	Topic	Author	Date
High	WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal	Hans-Martin Muen...	20.01.2015

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Pixabay images project -> Pixabay images

References:

http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

http://seclists.org/fulldisclosure/2015/Jan/75

http://www.exploit-db.com/exploits/35846

http://www.openwall.com/lists/oss-security/2015/01/25/5

http://www.securityfocus.com/archive/1/534505/100/0/threaded

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

Vulnerability CVE-2015-1375

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

See advisories in our WLB2 database:

High

WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal

CWE-264

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: