Vulnerability Details : CVE-2015-1375
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
Products affected by CVE-2015-1375
- cpe:2.3:a:pixabay_images_project:pixabay_images:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1375
14.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1375
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-1375
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1375
-
http://seclists.org/fulldisclosure/2015/Jan/75
Full Disclosure: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple VulnerabilitiesExploit
-
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php
Diff [926633:1067992] for pixabay-images/trunk/pixabay-images.php – WordPress Plugin Repository
-
http://www.securityfocus.com/archive/1/534505/100/0/threaded
SecurityFocus
-
http://www.exploit-db.com/exploits/35846
WordPress Plugin Pixarbay Images 2.3 - Multiple VulnerabilitiesExploit
-
http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal ≈ Packet StormExploit
-
http://www.openwall.com/lists/oss-security/2015/01/25/5
oss-security - CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
Jump to