CVE-2015-10136

GI-Media Library < 3.0 - Directory Traversal

CVSS 7.5 HIGHEPSS 2.0%CWE-22

Vexday Risk Score

36Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 7.5EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit simPatch —

Ciclo de vida

19 jul 2025Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

zishanj · GI-Media Library

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb https://plugins.trac.wordpress.org/changeset/1132677 https://wordpress.org/plugins/gi-media-library/#developers https://wpscan.com/vulnerability/7754 https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve http://wordpressa.quantika14.com/repository/index.php?id=24