WordPress Plugin Vulnerabilities
Pixabay Images <= 2.3 - Multiple Vulnerabilities (RCE, XSS, ...)
Description
1) Authentication bypass
The plugin does not correctly check whether the user is logged in. Certain
code can be called without authentication.
2) Arbitrary file upload
The plugin code does not validate the host in the provided download URL,
which allows an attacker to upload malicious files, including PHP code.
3) Path Traversal
Certain values are not sanitized before they are used in a file operation.
This allows files to be stored outside of the "download" folder.
4) Cross Site Scripting (XSS)
The generated author link uses unsanitized user values which can be
abused for Cross Site Scripting (XSS) attacks.
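The checks whose absence is described in items 2 to 4, as an added example that is not the plugin's code or its patch. The function names, the allowed host, the extension list and the profile URL layout are assumptions made for the illustration.

```php
<?php
// Added illustration, not the plugin's code. Function names, the host list,
// the extension list and the profile URL layout are assumptions.
// Flaw 1 is handled before any of this runs: in WordPress the request handler
// would verify a nonce and a capability such as current_user_can('upload_files').
const ALLOWED_HOSTS = ['pixabay.com'];   // assumed image host
const ALLOWED_EXTS  = ['jpg', 'jpeg', 'png'];

// Flaw 2: only https URLs on an allowed host (or a subdomain of one), no userinfo.
function is_allowed_url(string $url): bool {
    $p = parse_url($url);
    if (!is_array($p) || ($p['scheme'] ?? '') !== 'https' || empty($p['host'])
        || isset($p['user']) || isset($p['pass'])) {
        return false;
    }
    $host = strtolower($p['host']);
    foreach (ALLOWED_HOSTS as $ok) {
        if ($host === $ok || substr($host, -strlen(".$ok")) === ".$ok") {
            return true;
        }
    }
    return false;
}

// Flaw 3: the stored name is one path component with a single, allowed extension.
function safe_target(string $dir, string $name): ?string {
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $name, $m)
        || !in_array(strtolower($m[1]), ALLOWED_EXTS, true)) {
        return null;   // rejects "../", "x.php", "x.php.jpg" and empty names
    }
    $base = realpath($dir);
    return $base === false ? null : $base . DIRECTORY_SEPARATOR . $name;
}

// Flaw 4: encode the user value for the URL path, then escape for HTML.
function author_link(string $user): string {
    $href = 'https://pixabay.com/users/' . rawurlencode($user) . '/';
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed inputs: one accepted and one rejected case per check.
var_dump(is_allowed_url('https://cdn.pixabay.com/photo/a.jpg'));
var_dump(is_allowed_url('https://pixabay.com.example.net/a.php'));
var_dump(safe_target(sys_get_temp_dir(), 'photo_123.jpg'));
var_dump(safe_target(sys_get_temp_dir(), '../outside.jpg'));
echo author_link('"><b>x</b>'), "\n";
```

The URL check only sees the URL it is given, so the HTTP fetch that follows should also refuse redirects to hosts outside the list.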
Submitter
Hans-Martin Münch
Verified
Yes
Timeline
Publicly Published
2015-02-04 (about 11 years ago)
Added
2015-01-19 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)