CVE-2015-10136

GI-Media Library < 3.0 - Directory Traversal

CVSS 7.5 HIGHEPSS 2.0%CWE-22

Vexday Risk Score

36Atenção

Decisão SSVC (CISA)

Attend

PoC disponível → acompanhar de perto

CVSS 7.5EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit simPatch —

Ciclo de vida

19 jul 2025Publicada no NVD

Recomendação: Planejar correção próxima — já existe PoC pública.

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

zishanj · GI-Media Library

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb https://plugins.trac.wordpress.org/changeset/1132677 https://wordpress.org/plugins/gi-media-library/#developers https://wpscan.com/vulnerability/7754 https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve http://wordpressa.quantika14.com/repository/index.php?id=24