Unrestricted File Upload Vulnerability in ReFlex Gallery Plugin for WordPress
CVE-2015-4133
Key Information:
- Vendor: WordPress
- CVE Published: 28 May 2015
What is CVE-2015-4133?
The ReFlex Gallery plugin for WordPress contains an unrestricted file upload vulnerability that allows remote attackers to upload malicious PHP files through the file uploader. The vulnerability arises from insufficient validation and filtering of uploaded files: an attacker can execute arbitrary PHP code by requesting the uploaded file directly from the uploads directory. Versions prior to 3.1.4 are affected, so it is critical for users to update the plugin to guard against exploits that could lead to unauthorized access to and control over the affected WordPress site.
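An added example, not code from the plugin or from this advisory: a Python check a site owner can run over the uploads directory to flag files that the web server could execute as PHP, which is the condition this vulnerability creates. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed list of extensions that PHP handlers commonly execute; align it with your server config.
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def classify(path):
    """Return why a file could run as PHP, or None if nothing suspicious was found."""
    parts = os.path.basename(path).lower().split(".")[1:]
    if parts and "." + parts[-1] in PHP_EXTS:
        return "php-extension"
    if any("." + p in PHP_EXTS for p in parts[:-1]):
        return "php-inner-extension"  # executes under some multi-extension handler configs
    with open(path, "rb") as fh:
        head = fh.read(65536)
    return "php-tag-in-content" if PHP_TAG.search(head) else None

def scan_uploads(root):  # returns sorted (relative path, reason) pairs
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if (reason := classify(full)):
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data standing in for wp-content/uploads."""
    samples = {
        "2015/05/photo.jpg": b"\xff\xd8\xff\xe0JFIF plain image bytes",
        "2015/05/upload.php": b"<?php echo 'constructed sample'; ?>",
        "2015/05/banner.php.jpg": b"\xff\xd8\xff\xe0",
        "2015/05/avatar.png": b"\x89PNG\r\n<?php /* constructed sample */ ?>",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_uploads(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A content hit in an image is a prompt for manual review rather than proof of compromise; pointing `scan_uploads` at the site's real uploads path gives the same report.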
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.