CVE-2015-10136

Опубликовано: 19 июл. 2025

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Ссылки

http://wordpressa.quantika14.com/repository/index.php?id=24
Broken Link
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb
Product
https://plugins.trac.wordpress.org/changeset/1132677
Patch
https://wordpress.org/plugins/gi-media-library/#developers
Product
https://wpscan.com/vulnerability/7754
Broken Link
https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zishanj:gi-media-library:*:*:*:*:*:wordpress:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 98%

0.48596

Средний

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-2rvr-53rv-hrfq