CVE-2019-14205

HIGH EXPLOITED IN THE WILD NUCLEI

Nevma Adaptive Images <0.6.67 - Local File Inclusion

Title source: llm

Description

A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.

Nuclei Templates (1)

WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion

HIGHby pikpikcu

References (4)

[Exploit, Third Party Advisory] https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

[Release Notes, Third Party Advisory] https://wordpress.org/plugins/adaptive-images/#developers

[Exploit, Third Party Advisory] https://wpvulndb.com/vulnerabilities/9468

Scores

CVSS v3 7.5

EPSS 0.8333

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-04-12

InTheWild.io 2021-04-12

CWE

CWE-22

Status published

Products (1)

nevma/adaptive_images < 0.6.67

Published Jul 21, 2019

Tracked Since Feb 18, 2026