CVE-2014-5460

Tribulant Slideshow Gallery < 1.4.7 - Authenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2014-5460. PoCs were published by Claudio Viviani, Jesus Ramirez Pichardo, and F-0x57, and include the Metasploit module exploits/unix/webapp/wp_slideshowgallery_upload.

AI-analyzed exploit summary: This exploit targets a shell upload vulnerability in WordPress Slideshow Gallery plugin 1.4.6 (CVE-2014-5460). It authenticates as a user, then uploads a malicious file via a multipart form, bypassing restrictions to achieve remote code execution.

Description

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Claudio Viviani · python · webapps · php
https://www.exploit-db.com/exploits/34681

This exploit targets a shell upload vulnerability in WordPress Slideshow Gallery plugin 1.4.6 (CVE-2014-5460). It authenticates as a user, then uploads a malicious file via a multipart form, bypassing restrictions to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Slideshow Gallery plugin 1.4.6
Auth required
Prerequisites: Valid WordPress credentials · User management slide enabled · Network access to target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Jesus Ramirez Pichardo · text · webapps · php
https://www.exploit-db.com/exploits/34514

This exploit demonstrates a remote shell upload vulnerability in the WordPress Slideshow Gallery plugin version 1.4.6. It allows authenticated users to upload a PHP backdoor via a multipart form submission, leading to remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Slideshow Gallery plugin version 1.4.6
Auth required
Prerequisites: Authenticated user access to WordPress admin panel · Slideshow Gallery plugin version 1.4.6 installed
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 2 stars
by F-0x57 · poc
https://github.com/F-0x57/CVE-2014-5460

This repository provides a technical writeup for CVE-2014-5460, detailing the exploit process with screenshots and usage instructions. It references an external exploit (Exploit-DB 34514) but does not include functional exploit code.

Classification: Writeup 80%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Unknown (likely a web application with a specific path /weblog/)
Auth required
Prerequisites: Valid credentials (admin/admin) · Access to the target web application
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Jesus Ramirez Pichardo · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb

This Metasploit module exploits an authenticated file upload vulnerability in the WordPress SlideShow Gallery plugin (CVE-2014-5460), allowing arbitrary PHP file upload and remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress SlideShow Gallery 1.4.6
Auth required
Prerequisites: Valid WordPress credentials · SlideShow Gallery plugin version 1.4.6 or earlier
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34681
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533281/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60074
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34514
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95676

Scores

EPSS 0.7089
EPSS Percentile 99.3%

Details

CWE: CWE-20
Status: published
Products (7)
tribulant/tibulant_slideshow_gallery 1.4
tribulant/tibulant_slideshow_gallery 1.4.1
tribulant/tibulant_slideshow_gallery 1.4.2
tribulant/tibulant_slideshow_gallery 1.4.3
tribulant/tibulant_slideshow_gallery 1.4.4
tribulant/tibulant_slideshow_gallery 1.4.5
tribulant/tibulant_slideshow_gallery < 1.4.6
Published Sep 11, 2014
Tracked Since Feb 18, 2026