Pixabay Images Project: >> Pixabay Images Security Vulnerabilities
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
CVSS Score
4.0
EPSS Score
0.705
Published
2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
CVSS Score
7.5
EPSS Score
0.198
Published
2015-01-28
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
CVSS Score
4.3
EPSS Score
0.034
Published
2015-01-27
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
CVSS Score
5.0
EPSS Score
0.22
Published
2015-01-27