WordPress Plugin Vulnerabilities

Image Export <= 1.1.0 - Directory Traversal

Description

The image-export WordPress plugin was affected by a Directory Traversal security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
image-export
No known fix

References

CVE
CVE-2015-5609
URL
https://packetstormsecurity.com/files/#132688/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
9.1 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2559a075-17a5-4fd6-9563-f4b3119b198c

Timeline

Publicly Published
2015-07-05 (about 10 years ago)
Added
2015-07-14 (about 10 years ago)
Last Updated
2022-04-12 (about 4 years ago)

Other

Published
Title
Published
2025-01-06
Title
MIPL WC Multisite Sync < 1.1.6 - Unauthenticated Arbitrary File Download
Published
2025-05-16
Title
Tainacan < 0.21.15 - Unauthenticated Arbitrary File Deletion
Published
2025-09-23
Title
BM Content Builder < 3.16.3.3 - Authenticated (Contributor+) Arbitrary File Deletion
Published
2018-09-19
Title
Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion
Published
2025-08-20
Title
Kitring <= 2.8 - Unauthenticated Local File Inclusion