Exploitation Summary
EIP tracks 2 public exploits for CVE-2015-1376.
PoCs published by Hans-Martin Muench, h0ng10, including Metasploit module exploits/unix/webapp/wp_pixabay_images_upload.
AI-analyzed exploit summary: This Python script exploits an authentication bypass and arbitrary file upload vulnerability in the WP Pixabay Images WordPress plugin (version 2.3). It allows an attacker to upload a malicious PHP file from a remote URL to a target WordPress site by leveraging path traversal and lack of host validation.
Description
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
Exploits (2)
This Python script exploits an authentication bypass and arbitrary file upload vulnerability in the WP Pixabay Images WordPress plugin (version 2.3). It allows an attacker to upload a malicious PHP file from a remote URL to a target WordPress site by leveraging path traversal and lack of host validation.
This Metasploit module exploits a vulnerability in the WordPress Pixabay Images plugin (2.3.6) by uploading malicious PHP code via an unchecked download URL. It leverages directory traversal to store and execute the payload.