CVE-2015-2825

Currently unrated

Key Information:

Vendor: Wordpress
Status: Simple Ads Manager
Vendor: CVE Published:; 21 April 2015

Summary

Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.

References

https://www.exploit-db.com/exploits/36614/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/131282/WordPress-Sim...

x_refsource_MISC

https://wordpress.org/plugins/simple-ads-manager/changelog/

x_refsource_CONFIRM

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 21, 2015
Vulnerability Reserved
Apr 1, 2015