CVE-2015-10144

HIGH

Responsive Thumbnail Slider <1.0.1 - Code Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-10144. PoCs were published by Arash Khazaei and Shelby Pace, including the Metasploit module exploits/multi/http/wp_responsive_thumbnail_slider_upload.

AI-analyzed exploit summary: This is a writeup describing an arbitrary file upload vulnerability in the WordPress Responsive Thumbnail Slider plugin version 1.0. The exploit involves uploading a file with a double extension and intercepting the request to modify the filename to achieve remote code execution.

Description

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files to the affected site's server using a double extension, which may make remote code execution possible.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Arash Khazaei · text · webapps · php
https://www.exploit-db.com/exploits/37998

This is a writeup describing an arbitrary file upload vulnerability in the WordPress Responsive Thumbnail Slider plugin version 1.0. The exploit involves uploading a file with a double extension and intercepting the request to modify the filename to achieve remote code execution.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Responsive Thumbnail Slider Plugin 1.0
Auth required
Prerequisites: Access to WordPress admin panel · BurpSuite or similar intercepting proxy
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Arash Khazaei, Shelby Pace · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rb

This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress Responsive Thumbnail Slider plugin v1.0, allowing authenticated attackers to upload and execute malicious PHP files. It includes authentication, version checking, and payload delivery mechanisms.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Responsive Thumbnail Slider Plugin v1.0
Auth required
Prerequisites: WordPress credentials · Responsive Thumbnail Slider Plugin v1.0 installed
devstral-2 · analyzed May 27, 2026

Scores

CVSS v3 8.8
EPSS 0.0202
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-434
Status published
Products (2)
i13websolution/thumbnail_carousel_slider < 1.0.1
nik00726/Thumbnail carousel slider < 1.0.1
Published Jul 25, 2025
Tracked Since Feb 18, 2026