CVE-2015-10136

GI-Media Library < 3.0 - Directory Traversal

CVSS 7.5 HIGHEPSS 2.0%CWE-22

Vexday Risk Score

36Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 7.5EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

19 Jul 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

zishanj · GI-Media Library

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb https://plugins.trac.wordpress.org/changeset/1132677 https://wordpress.org/plugins/gi-media-library/#developers https://wpscan.com/vulnerability/7754 https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve http://wordpressa.quantika14.com/repository/index.php?id=24