CVE-2015-1376
Published: 2015-01-28
Priority: P3
CVSS 2.0: 4 (medium)
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Exploit: public exploit available
EPSS: 33.97% (98.2th percentile)
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pixabay_images_project | pixabay_images | <= 2.3 | — |
Detection & IOCs (extracted from sources)
- Look for POST requests to /wp-admin/ containing the parameter 'pixabay_upload=1' combined with an 'image_url' parameter pointing to an external/attacker-controlled host (not pixabay.com). This is the core exploit trigger.
- Detect path traversal sequences in the 'q' parameter of POST requests to /wp-admin/ (e.g., '../../' patterns), which are used to write files outside the intended 'download' folder.
- Flag POST requests to /wp-admin/ with Content-Type 'application/x-www-form-urlencoded' containing 'pixabay_upload=1' and an image_url referencing a non-pixabay.com host, as the plugin does not validate the hostname.
- The plugin does not check if the user is logged in (authentication bypass), so exploit attempts may arrive without a valid WordPress session cookie; monitor unauthenticated POST requests to /wp-admin/ with 'pixabay_upload=1'.
- The Metasploit module targets this vulnerability to store and execute malicious PHP code; look for newly created PHP files in unexpected WordPress upload/download directories following a pixabay_upload POST.
- The authentication bypass means exploitation does not require valid credentials; detections relying solely on authenticated-user monitoring will miss unauthenticated attack attempts.
- Only Pixabay Images plugin versions prior to 2.4 are vulnerable; version 2.4 contains the fix. Confirm the installed plugin version before applying detections to avoid false positives on patched installs.
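As an added illustration of the detection hints above (this is not code from the page, the plugin, or any of the listed sources), the following Python checks constructed request records for the three conditions they describe: a non-pixabay.com image_url host, traversal in 'q', and a pixabay_upload POST without a WordPress login cookie. The record layout, the sample requests and the 'wordpress_logged_in_' cookie-name check are assumptions.

```python
from urllib.parse import parse_qs, urlparse

# Hosts the plugin is expected to download from (assumption: pixabay.com and www.pixabay.com).
ALLOWED_HOSTS = {"pixabay.com", "www.pixabay.com"}
FORM_TYPE = "application/x-www-form-urlencoded"

# Constructed sample records (path, content_type, cookie_header, body); 203.0.113.5 is a
# documentation address, not a real indicator.
SAMPLE_REQUESTS = [
    ("/wp-admin/", FORM_TYPE, "wordpress_logged_in_abc=editor|123",
     "pixabay_upload=1&image_url=https://pixabay.com/static/uploads/photo/1.jpg&q=kitten"),
    ("/wp-admin/", FORM_TYPE, "",
     "pixabay_upload=1&image_url=http://203.0.113.5/x.php&q=..%2F..%2Fwp-content%2Fuploads"),
    ("/wp-admin/admin-ajax.php", FORM_TYPE, "wordpress_logged_in_abc=editor|123",
     "action=heartbeat"),
]


def analyze(path, content_type, cookie_header, body):
    """Return the list of detection reasons for one POST record (empty when nothing matches)."""
    reasons = []
    if not path.startswith("/wp-admin/") or not content_type.startswith(FORM_TYPE):
        return reasons
    # parse_qs percent-decodes values, so '..%2F' is seen as '../' below.
    params = parse_qs(body, keep_blank_values=True)
    if params.get("pixabay_upload", [""])[0] != "1":
        return reasons  # not a Pixabay upload request at all
    image_url = params.get("image_url", [""])[0]
    host = (urlparse(image_url).hostname or "").lower()
    if image_url and host not in ALLOWED_HOSTS:
        reasons.append(f"image_url host is not pixabay.com: {host or '<none>'}")
    q = params.get("q", [""])[0]
    if "../" in q or "..\\" in q:
        reasons.append("path traversal sequence in q")
    # WordPress names its auth cookie wordpress_logged_in_<hash>; absence with pixabay_upload=1
    # matches the unauthenticated-attempt hint (assumes default cookie naming).
    if "wordpress_logged_in_" not in cookie_header:
        reasons.append("pixabay_upload=1 without a WordPress login cookie")
    return reasons


def scan(records):
    """Return (index, reasons) for every record that produced at least one reason."""
    hits = []
    for i, rec in enumerate(records):
        reasons = analyze(*rec)
        if reasons:
            hits.append((i, reasons))
    return hits
```

Running scan(SAMPLE_REQUESTS) flags only the second record, with all three reasons; the benign pixabay.com upload and the unrelated admin-ajax call produce nothing.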
No detection rules found.
Exploit-DB
WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities (exploitdb, 2015-01-20)
---
Mogwai Security Advisory MSA-2015-01
Title: WP Pixarbay Images Multiple Vulnerabilities
Product: Pixarbay Images (Wordpress Plugin)
Affected versions: 2.3
Impact: high
Remote: yes
Product link: https://wordpress.org/plugins/pixabay-images/
Reported: 14/01/2015
by: Hans-Martin Muench (Mogwai, IT-Sicherheitsberatung Muench)
Vendor's Description of the Software:
Pixabay Images is a WordPress plugin that lets you pick CC0 public
domain pictures from Pixabay and insert them with just a click anywhere
on your blog. The images are safe to use, and paying attribution or
linking back to the source is not required.
Business recommendation:
Update to version 2.4
Vulnerability description:
1) Authentication bypass
The plugin d
Metasploit
WordPress Pixabay Images PHP Code Upload (metasploit)
This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jan/75
- http://www.exploit-db.com/exploits/35846
- http://www.openwall.com/lists/oss-security/2015/01/25/5
- http://www.securityfocus.com/archive/1/534505/100/0/threaded
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php