Vulnerability Description
The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zishanj | Gi-Media-Library | < 3.0 |
Related Weaknesses (CWE)
References
- http://wordpressa.quantika14.com/repository/index.php?id=24Broken Link
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wProduct
- https://plugins.trac.wordpress.org/changeset/1132677Patch
- https://wordpress.org/plugins/gi-media-library/#developersProduct
- https://wpscan.com/vulnerability/7754Broken Link
- https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_fileThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-913Third Party Advisory
FAQ
What is CVE-2015-10136?
CVE-2015-10136 is a vulnerability with a CVSS score of 7.5 (HIGH). The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrar...
How severe is CVE-2015-10136?
CVE-2015-10136 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-10136?
Check the references section above for vendor advisories and patch information. Affected products include: Zishanj Gi-Media-Library.