CVE-2015-4133

Currently unrated

Key Information:

Vendor: Wordpress
Status: Reflex Gallery
Vendor: CVE Published:; 28 May 2015

Summary

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.

References

http://packetstormsecurity.com/files/130845/

x_refsource_MISC

http://packetstormsecurity.com/files/131515/

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/7867

x_refsource_MISC

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 28, 2015
Vulnerability Reserved
May 28, 2015