- EPSS 70.51%
- Veröffentlicht 28.01.2015 11:59:07
- Zuletzt bearbeitet 12.04.2025 10:46:40
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
CVE-2015-1375
- EPSS 24.78%
- Veröffentlicht 28.01.2015 11:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
CVE-2015-1366
- EPSS 4.88%
- Veröffentlicht 27.01.2015 20:04:22
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
- EPSS 27.25%
- Veröffentlicht 27.01.2015 20:04:21
- Zuletzt bearbeitet 12.04.2025 10:46:40
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.