CVE-2015-10136

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://wordpressa.quantika14.com/repository/index.php?id=24	Broken Link
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb	Product
https://plugins.trac.wordpress.org/changeset/1132677	Patch
https://wordpress.org/plugins/gi-media-library/#developers	Product
https://wpscan.com/vulnerability/7754	Broken Link
https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zishanj:gi-media-library:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2025-07-19 10:15

Updated : 2025-12-16 16:40

NVD link : CVE-2015-10136

Mitre link : CVE-2015-10136

CVE.ORG link : CVE-2015-10136

JSON object : View

Products Affected

zishanj

gi-media-library

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2015-10136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-19T10:15:23.773", "references": [{"url": "http://wordpressa.quantika14.com/repository/index.php?id=24", "tags": ["Broken Link"], "source": "security@wordfence.com"}, {"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/1132677", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://wordpress.org/plugins/gi-media-library/#developers", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://wpscan.com/vulnerability/7754", "tags": ["Broken Link"], "source": "security@wordfence.com"}, {"url": "https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento GI-Media Library para WordPress es vulnerable a Directory Traversal en versiones anteriores a la 3.0 mediante el par\u00e1metro 'fileid'. Esto permite a atacantes no autenticados leer el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "lastModified": "2025-12-16T16:40:40.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zishanj:gi-media-library:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2A4E11E6-EA4D-463D-B825-CDD1B4680421", "versionEndExcluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}