Vulnerability Details: CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Vulnerability category: Directory traversal, Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2015-9455
0.05%
Probability of exploitation activity in the next 30 days
~19%
Percentile: the proportion of vulnerabilities that are scored at or below this score