CVE-2015-10144
Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
Vexday Risk Score
36Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 8.8EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
28 ago 2015Exploit Metasploit disponível
25 jul 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
nik00726 · Thumbnail carousel sliderQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cxsecurity.com/issue/WLB-2015080170https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rbhttps://www.acunetix.com/vulnerabilities/web/wordpress-plugin-thumbnail-carousel-slider-arbitrary-file-upload-1-0/https://www.exploit-db.com/exploits/37998https://www.wordfence.com/threat-intel/vulnerabilities/id/6c396ae6-d34c-4554-b670-28868dc136a5?source=cve