Cool Video Gallery <= 1.9 - Authenticated Comm& Injection

Affects Plugin

fixed in version 2.0
- plugin closed

References

CVE 2015-7527
URL http://www.vapidlabs.com/advisory.php?v=158
URL https://www.openwall.com/lists/oss-security/2015/12/02/9
URL https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
URL https://seclists.org/bugtraq/2015/Dec/27
URL https://plugins.trac.wordpress.org/changeset/1368619/cool-video-gallery

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 7143
Verified No
WPVDB ID 8348

Timeline

Publicly Published 2015-12-02 (over 4 years ago)
Added 2015-12-04 (over 4 years ago)
Last Updated 2019-10-31 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin