ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Powerplay Gallery Plugin <= 3.3 - Unrestricted File Upload

Product
Powerplay Gallery
Description
This vulnerability allows an attacker to execute arbitrary code by uploading a file with an executable extension. After that an attacker access it via a direct request to the file in *_uploadfolder/big/.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2015-5681
Versions
Affected In <= 3.3
Fixed In 3.4
Disclosure date
2015-07-27