Vulnerabilities > Pixabay Images Project > Pixabay Images > 2.3

DATE	CVE	VULNERABILITY TITLE	RISK
2015-01-28	CVE-2015-1376	Improper Access Control vulnerability in Pixabay Images Project Pixabay Images 2.3 pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. network low complexity pixabay-images-project CWE-284	4.0
2015-01-28	CVE-2015-1375	Permissions, Privileges, and Access Controls vulnerability in Pixabay Images Project Pixabay Images 2.3 pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. network low complexity pixabay-images-project CWE-264	7.5
2015-01-27	CVE-2015-1366	Cross-site Scripting vulnerability in Pixabay Images Project Pixabay Images 2.3 Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. network pixabay-images-project CWE-79	4.3
2015-01-27	CVE-2015-1365	Path Traversal vulnerability in Pixabay Images Project Pixabay Images 2.3 Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. network low complexity pixabay-images-project CWE-22	5.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.