Unrestricted File Upload in Simple Ads Manager Plugin for WordPress
CVE-2015-2825

Currently unrated

Key Information:

Vendor: Wordpress
Status: Simple Ads Manager
Vendor: CVE Published:; 21 April 2015

Summary

The Simple Ads Manager plugin for WordPress prior to version 2.5.96 has a significant vulnerability due to unrestricted file uploads. This flaw allows remote attackers to upload files with executable extensions through the sam-ajax-admin.php script. Once the malicious file is uploaded, an attacker can easily execute arbitrary code by directly accessing the uploaded file via a crafted request, leading to potential compromise of the affected WordPress site.

References

https://www.exploit-db.com/exploits/36614/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/131282/WordPress-Sim...

x_refsource_MISC

https://wordpress.org/plugins/simple-ads-manager/changelog/

x_refsource_CONFIRM

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 21, 2015
Vulnerability Reserved
Apr 1, 2015