8.8

CVE-2015-10144

Exploit

EPSS 0.58%
Veröffentlicht 25.07.2025 03:15:32
Zuletzt bearbeitet 16.12.2025 14:57:31
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.

Mögliche Gegenmaßnahme

Thumbnail carousel slider: Update to version 1.0.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Thumbnail carousel slider

Version [*, 1.0.1)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

I13websolution ≫ Thumbnail Carousel Slider SwPlatformwordpress Version <= 1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://cxsecurity.com/issue/WLB-2015080170

Exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rb

Exploit

https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-thumbnail-carousel-slider-arbitrary-file-upload-1-0/

Technical Description

https://www.exploit-db.com/exploits/37998

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/6c396ae6-d34c-4554-b670-28868dc136a5?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/6c396ae6-d34c-4554-b670-28868dc136a5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-10144

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-10144

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-10144

EUVD