CVE-2015-1375

Published: Jan 28, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Affected (1)

Products: Pixabay Images Project: Pixabay Images

Pixabay Images Project

1 product

Pixabay Images

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pixabay Images Project Pixabay Images	Up to 2.3

Related CWEs

CWE-264

References (14)

http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2015/Jan/75

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/35846

Source: cve@mitre.org

Exploit

http://www.openwall.com/lists/oss-security/2015/01/25/5

Source: cve@mitre.org

http://www.osvdb.org/117146

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/534505/100/0/threaded

Source: cve@mitre.org

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

Source: cve@mitre.org

http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html