Directory Traversal Vulnerability in Pixabay Images Plugin for WordPress
CVE-2015-1365

Currently unrated

Key Information:

Vendor: Wordpress
Status: Pixabay Images
Vendor: CVE Published:; 27 January 2015

Summary

A directory traversal vulnerability exists in the Pixabay Images plugin for WordPress prior to version 2.4, specifically within the pixabay-images.php file. This flaw enables remote attackers to craft a malicious request containing '/../' sequences in the query parameter, potentially allowing them to write arbitrary files on the server. If exploited, this vulnerability could lead to unauthorized access and manipulation of sensitive data, emphasizing the importance of upgrading to the latest version of the plugin and ensuring proper security measures are in place.

References

http://seclists.org/fulldisclosure/2015/Jan/75

mailing-listx_refsource_FULLDISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/100036

vdb-entryx_refsource_XF

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Jan 27, 2015