Unrated severityNVD Advisory· Published Sep 11, 2014· Updated May 6, 2026
CVE-2014-5460
CVE-2014-5460
Description
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
Affected products
7cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:*:*:*:*:wordpress:*:*+ 6 more
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:tribulant:tibulant_slideshow_gallery:*:*:*:*:*:wordpress:*:*range: <=1.4.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- wordpress.org/plugins/slideshow-gallery/changelognvdPatch
- packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.htmlnvdExploit
- whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.htmlnvdExploit
- www.exploit-db.com/exploits/34514nvdExploit
- www.exploit-db.com/exploits/34681nvdExploit
- secunia.com/advisories/60074nvd
- www.securityfocus.com/archive/1/533281/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95676nvd
News mentions
0No linked articles in our index yet.