CVE-2015-4133

reflex_gallery <= 3.1.3 - Unauthenticated Arbitrary PHP File Upload via FileUploader

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2015-4133. PoCs have been published by Metasploit, D3Ext and sug4r-wr41th, including the Metasploit module exploits/unix/webapp/wp_reflexgallery_file_upload.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary PHP file upload vulnerability in WordPress Reflex Gallery 3.1.3, allowing remote code execution by uploading a malicious PHP file via a multipart form request.

Description

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the WordPress uploads directory (wp-content/uploads/). The "admin" in the path is a directory inside the plugin, not wp-admin: the script performs no WordPress authentication check and no extension check, so any client that can reach the plugin directory can upload and then execute PHP.
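As an added triage example (this is not code from the page or from any of the PoCs linked below), the Python below performs the two checks a defender wants for this CVE: whether an installed copy is in the vulnerable range, read from the "Stable tag" line of the plugin's readme.txt, and whether web-server access logs show the upload-then-execute pattern described above (a POST to the FileUploader script followed by a request for a PHP file under wp-content/uploads/). The plugin slug reflex-gallery, the Year/Month query string on the POST, the set of extensions treated as executable and the sample log lines are all constructed assumptions.

```python
"""Triage helpers for CVE-2015-4133 (ReFlex Gallery unauthenticated PHP upload).

Added example: version check from the plugin's readme.txt and access-log
correlation of the upload-then-request pattern. Nothing here is taken from
the PoCs linked on this page.
"""
import re
from urllib.parse import urlsplit

FIXED_VERSION = (3, 1, 4)                                  # first release without the bug
UPLOADER_SUFFIX = "/admin/scripts/fileuploader/php.php"     # compared against lowercased paths
UPLOADS_PREFIX = "/wp-content/uploads/"
PHP_EXTENSIONS = (".php", ".php5", ".phtml", ".phar")       # assumed executable on the target

# Apache/nginx "combined" format; only the fields needed for correlation.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Constructed sample. The plugin slug "reflex-gallery" and the Year/Month
# query string are assumptions about how the endpoint is reached.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/May/2015:10:12:01 +0000] "POST /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year=2015&Month=05 HTTP/1.1" 200 26 "-" "python-requests/2.7.0"',
    '203.0.113.7 - - [28/May/2015:10:12:02 +0000] "GET /wp-content/uploads/2015/05/shell.php?cmd=id HTTP/1.1" 200 54 "-" "python-requests/2.7.0"',
    '198.51.100.4 - - [28/May/2015:10:15:44 +0000] "GET /wp-content/uploads/2015/05/photo.jpg HTTP/1.1" 200 10240 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [28/May/2015:10:20:00 +0000] "GET /wp-content/uploads/2015/05/old.php HTTP/1.1" 404 209 "-" "curl/7.40.0"',
]


def parse_version(tag):
    """'3.1.3' -> (3, 1, 3); tuple comparison gives correct version ordering."""
    return tuple(int(part) for part in tag.strip().split("."))


def is_vulnerable_version(readme_text):
    """True when readme.txt's 'Stable tag' is below the fixed release 3.1.4."""
    match = re.search(r"^Stable tag:\s*([\d.]+)", readme_text, re.M | re.I)
    if not match:
        raise ValueError("readme.txt has no Stable tag line")
    return parse_version(match.group(1)) < FIXED_VERSION


def parse_line(line):
    """Return the fields needed for correlation, or None for unparsable lines."""
    match = LOG_RE.match(line)
    if not match:
        return None
    return {
        "ip": match.group("ip"),
        "ts": match.group("ts"),
        "method": match.group("method"),
        "path": urlsplit(match.group("target")).path,   # query string dropped
        "status": int(match.group("status")),
    }


def find_exploitation(log_lines):
    """Flag the CVE-2015-4133 pattern in access-log lines.

    Finding kinds:
      uploader_post     - POST to the FileUploader script. Legitimate admins
                          also hit this endpoint, so on its own it is informational.
      exploit_confirmed - a PHP file under uploads/ was served (2xx) to a client
                          that earlier POSTed to the uploader.
      php_in_uploads    - a PHP file under uploads/ was requested by anyone else;
                          a 2xx here still means a script is live and needs review.
    """
    uploader_clients = set()
    findings = []
    for line in log_lines:
        ev = parse_line(line)
        if ev is None:
            continue
        path = ev["path"].lower()
        if ev["method"] == "POST" and path.endswith(UPLOADER_SUFFIX):
            uploader_clients.add(ev["ip"])
            findings.append({"kind": "uploader_post", **ev})
        elif path.startswith(UPLOADS_PREFIX) and path.endswith(PHP_EXTENSIONS):
            served = 200 <= ev["status"] < 300
            kind = "exploit_confirmed" if served and ev["ip"] in uploader_clients else "php_in_uploads"
            findings.append({"kind": kind, **ev})
    return findings


if __name__ == "__main__":
    print("3.1.3 vulnerable:", is_vulnerable_version("Stable tag: 3.1.3"))
    for finding in find_exploitation(SAMPLE_LOG):
        print(finding["kind"], finding["ip"], finding["status"], finding["path"])
```

The correlation keys on the request path only, so a different Year/Month query or a renamed upload subdirectory does not defeat it; what it cannot see is an upload made through a proxy and executed from another address, which is why php_in_uploads with a 2xx status is worth inspecting on disk regardless of the client.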

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/36809

This Metasploit module exploits an arbitrary PHP file upload vulnerability in WordPress Reflex Gallery 3.1.3, allowing remote code execution by uploading a malicious PHP file via a multipart form request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Reflex Gallery 3.1.3
No auth needed
Prerequisites: Target running WordPress with Reflex Gallery 3.1.3 · Network access to the plugin's FileUploader script under wp-content/plugins (no WordPress login or wp-admin access required)
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 8 stars
by D3Ext · poc
https://github.com/D3Ext/CVE-2015-4133

This is a functional exploit for CVE-2015-4133, targeting the Reflex Gallery WordPress plugin (version 3.1.3) to achieve arbitrary file upload and remote command execution. The script automates the upload of a PHP webshell and provides an interactive shell for command execution, including reverse shell capabilities.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Reflex Gallery plugin 3.1.3
No auth needed
Prerequisites: Target must have the vulnerable Reflex Gallery plugin installed · The wp-content/uploads directory must be web-accessible so the uploaded PHP file can be requested and executed
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by sug4r-wr41th · poc
https://github.com/sug4r-wr41th/CVE-2015-4133

This PoC exploits an arbitrary file upload vulnerability in the ReFlex Gallery WordPress plugin (CVE-2015-4133). It sends a multipart POST request to the vulnerable FileUploader endpoint, which accepts the file without any authentication check.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ReFlex Gallery WordPress plugin <= 3.1.3
No auth needed
Prerequisites: Network access to the target WordPress site · ReFlex Gallery plugin installed and vulnerable
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
by Unknown · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb

This Metasploit module exploits an arbitrary file upload vulnerability in WordPress Reflex Gallery 3.1.3, allowing remote code execution via PHP file upload. It posts the PHP payload as a multipart/form-data upload to the FileUploader script, which applies no authentication or extension restriction, and then requests the uploaded file to execute it.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Reflex Gallery 3.1.3
No auth needed
Prerequisites: Target running WordPress with Reflex Gallery 3.1.3 · Network access to the plugin's FileUploader script under wp-content/plugins (no WordPress login or wp-admin access required)
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory (misc): https://wpvulndb.com/vulnerabilities/7867
Exploit (exploit-db): https://www.exploit-db.com/exploits/36809/
Third Party Advisory, VDB Entry (OSVDB): http://osvdb.org/show/osvdb/88853
Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/57100

Scores

EPSS 0.6135 (estimated 61.4% probability of exploitation activity in the next 30 days)
EPSS Percentile 99.0% (scored higher than 99% of all CVEs)

Details

Status published
Products (1)
reflex_gallery_project/reflex_gallery <= 3.1.3 (fixed in 3.1.4)
Published May 28, 2015
Tracked Since Feb 18, 2026