Unrestricted File Upload Vulnerability in ReFlex Gallery Plugin for WordPress
CVE-2015-4133
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 28 May 2015
Summary
The ReFlex Gallery plugin for WordPress contains an unrestricted file upload vulnerability that allows remote attackers to upload malicious PHP files through the file uploader. This vulnerability arises from insufficient validation and filtering of uploaded files, permitting attackers to execute arbitrary PHP code by accessing the uploaded file directly in the uploads directory. Versions prior to 3.1.4 are affected, making it critical for users to update their plugins to safeguard against potential exploits that could lead to unauthorized access and control over the affected WordPress site.
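Detection logic for the access pattern described above, a PHP file requested directly from the uploads directory, as an added example that is not part of the original advisory or the plugin's code. It assumes the default `/wp-content/uploads/` location and Combined Log Format access logs; the extension list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: default WordPress uploads location (also matches subdirectory installs).
UPLOADS_PREFIX = "/wp-content/uploads/"
# Assumed list of extensions commonly mapped to the PHP handler; extend per server config.
# Also flags double extensions such as "name.php.jpg".
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def is_script_in_uploads(target):
    """True if the request target names a PHP-handled file under the uploads tree."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])  # drop query, decode %xx
    path = re.sub(r"/+", "/", path).lower()  # collapse "//", ignore case
    if UPLOADS_PREFIX not in path:
        return False
    filename = path.rsplit("/", 1)[-1]
    return bool(PHP_EXT.search(filename))


def suspicious_requests(lines):
    """Return (ip, method, target, status) for each script request under uploads."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        if is_script_in_uploads(target):
            hits.append((ip, method, target, int(status)))
    return hits


# Constructed sample log lines (documentation-range IPs, made-up file names).
SAMPLE = [
    '198.51.100.9 - - [28/May/2015:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "-"',
    '198.51.100.9 - - [28/May/2015:10:00:05 +0000] "GET /wp-content/uploads/2015/05/photo.jpg HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.7 - - [28/May/2015:10:00:09 +0000] "GET /wp-content/uploads/2015/05/sample.php HTTP/1.1" 200 17 "-" "-"',
    '203.0.113.7 - - [28/May/2015:10:00:12 +0000] "GET /blog//wp-content/uploads/a%2EPHTML?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```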
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
62% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved