CVE-2015-1375

2015-01-2811:59:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.142

Percentile

95.8%

JSON

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Affected configurations

Nvd

Node

pixabay_images_projectpixabay_imagesRange≤2.3wordpress

VendorProductVersionCPE
pixabay_images_projectpixabay_images*cpe:2.3:a:pixabay_images_project:pixabay_images:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pixabay_images_project	pixabay_images	*	cpe:2.3:a:pixabay_images_project:pixabay_images::::::wordpress::*

References

packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

seclists.org/fulldisclosure/2015/Jan/75

www.exploit-db.com/exploits/35846

www.openwall.com/lists/oss-security/2015/01/25/5

www.osvdb.org/117146

www.securityfocus.com/archive/1/534505/100/0/threaded

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php