RSS   Vulnerabilities for 'Pixabay images'   RSS

2015-01-28
 
CVE-2015-1376

CWE-284
 

 
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

 
 
CVE-2015-1375

CWE-264
 

 
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

 
2015-01-27
 
CVE-2015-1366

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.

 
 
CVE-2015-1365

CWE-22
 

 
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top