Vulnerability Details CVE-2014-5014
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2014-5014
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.10.7
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.11
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.12
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.12.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.12.2
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.13
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.13.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.14
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.14.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.14.2
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.14.3
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.14.4
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.14.5
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.15
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.15.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.15.2
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.16
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.16.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.16.2
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.16.3
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.16.4
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.16.5
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:2.9.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:3.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:3.1.1
-
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:3.1.2