Description
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
Exploits (1)
exploitdb
WORKING POC
by Hans-Martin Muench · text · webapps · php
https://www.exploit-db.com/exploits/35846
References (7)
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/75
Product x_refsource_confirm
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/117146
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35846
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534505/100/0/threaded
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/25/5
Scores
EPSS
0.2478
EPSS Percentile
96.2%
Details
CWE
CWE-264
Status
published
Products (1)
pixabay_images_project/pixabay_images
< 2.3
Published
Jan 28, 2015
Tracked Since
Feb 18, 2026