cbcvebase.
CVE-2013-5962
published 2013-09-30

Priority: P3 54 (medium)
CVSS 2.0: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 14.77% (96.3th percentile)

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.

Affected

24 ranges
Vendor | Product | Version range | Fixed in
envato | complete_gallery_manager_plugin | <= 3.3.3 |