Unrestricted File Upload Vulnerability in Powerplay Gallery Plugin for WordPress
CVE-2015-5681

Currently unrated

Key Information:

Vendor: Wordpress
Status: Powerplay Gallery
Vendor: CVE Published:; 18 August 2015

Summary

The Powerplay Gallery plugin version 3.3 for WordPress is susceptible to an unrestricted file upload vulnerability. This flaw allows malicious actors to upload files with executable extensions. Once uploaded, these files can be accessed directly, potentially enabling attackers to execute arbitrary code on the server. This vulnerability raises significant security concerns for any site using this plugin, as it opens up pathways for unauthorized access and exploitation.

References

http://www.openwall.com/lists/oss-security/2015/07/20/1

mailing-listx_refsource_MLIST

http://www.vapid.dhs.org/advisory.php?v=132

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Jul/64

mailing-listx_refsource_FULLDISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 18, 2015
Vulnerability Reserved
Jul 27, 2015