Vulnerability CVE-2015-1375


Published: 2015-01-28

Description:
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

See advisories in our WLB2 database:
Topic
Author
Date
High
WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal
Hans-Martin Muen...
20.01.2015

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Pixabay images project -> Pixabay images 

 References:
http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
http://seclists.org/fulldisclosure/2015/Jan/75
http://www.exploit-db.com/exploits/35846
http://www.openwall.com/lists/oss-security/2015/01/25/5
http://www.securityfocus.com/archive/1/534505/100/0/threaded
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

Copyright 2024, cxsecurity.com

 

Back to Top