Vulnerabilities

CVE-2015-1376

by Fred · 28/01/2015

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

Date published : 2015-01-28

http://www.securityfocus.com/archive/1/534505/100/0/threaded

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

Similar

Tags: Cybersecurity Alert