- EPSS 33.97%
- Veröffentlicht 28.01.2015 11:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
CVE-2015-1375
- EPSS 12.25%
- Veröffentlicht 28.01.2015 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
CVE-2015-1366
- EPSS 6.13%
- Veröffentlicht 27.01.2015 20:04:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
- EPSS 13.42%
- Veröffentlicht 27.01.2015 20:04:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.