Unrestricted File Upload in Simple Ads Manager Plugin for WordPress
CVE-2015-2825

Currently unrated

Key Information:

Vendor

Wordpress
Status
Simple Ads Manager
Vendor
CVE Published:
21 April 2015

What is CVE-2015-2825?

The Simple Ads Manager plugin for WordPress prior to version 2.5.96 has a significant vulnerability due to unrestricted file uploads. This flaw allows remote attackers to upload files with executable extensions through the sam-ajax-admin.php script. Once the malicious file is uploaded, an attacker can easily execute arbitrary code by directly accessing the uploaded file via a crafted request, leading to potential compromise of the affected WordPress site.

References

https://www.exploit-db.com/exploits/36614/
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/131282/WordPress-Sim...
x_refsource_MISC
https://wordpress.org/plugins/simple-ads-manager/changelog/
x_refsource_CONFIRM

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.