WordPress Plugin Vulnerabilities

GI-Media Library < 3.0 - Arbitrary File Download

Description

The gi-media-library WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
gi-media-library
Fixed in 3.0

References

URL
http://wordpressa.quantika14.com/repository/index.php?id=24
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
3169d739-6447-49ab-92a4-864162e86094

Timeline

Publicly Published
2015-01-15 (about 11 years ago)
Added
2015-01-15 (about 11 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2025-09-26
Title
Workreap < 3.3.6 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2015-07-03
Title
Swim Team < 1.45 - Local File Inclusion
Published
2025-01-07
Title
InfiniteWP Client < 1.13.1 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading
Published
2026-02-05
Title
User Extra Fields <= 17.0 - Unauthenticated Arbitrary File Deletion
Published
2024-08-09
Title
Web Directory Free < 1.7.3 - Unauthenticated LFI