Arbitrary Code Execution in File Gallery Plugin for WordPress
CVE-2014-2558

Currently unrated

Key Information:

Vendor

Wordpress
Status
File-gallery
Vendor
CVE Published:
6 May 2014

What is CVE-2014-2558?

The File Gallery plugin for WordPress, prior to version 1.7.9.2, is susceptible to an arbitrary code execution vulnerability due to improper string escaping. This flaw allows remote administrators to inject and execute arbitrary PHP code through carefully crafted input in the settings fields accessed via /wp-admin/options-media.php. The vulnerability is linked to the create_function function, which can be exploited by attackers with administrative privileges, potentially leading to severe security implications for the affected WordPress installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://wordpress.org/plugins/file-gallery/changelog/
x_refsource_MISC
http://www.securityfocus.com/bid/67120
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2014/Apr/305
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.