CVE-2015-1375 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-1375

CWE

https://cwe.mitre.org/data/definitions/264.html

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Affected Software

Name	Vendor	Start Version	End Version
Pixabay_images	Pixabay_images_project	*	2.3 (including)

References

http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
http://seclists.org/fulldisclosure/2015/Jan/75
http://www.exploit-db.com/exploits/35846
http://www.openwall.com/lists/oss-security/2015/01/25/5
http://www.osvdb.org/117146
http://www.securityfocus.com/archive/1/534505/100/0/threaded
https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php\u0026old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php