High severity7.5NVD Advisory· Published Jul 19, 2025· Updated Jun 17, 2026
CVE-2015-10136
CVE-2015-10136
Description
The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<3.0+ 1 more
- (no CPE)range: <3.0
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
7- plugins.trac.wordpress.org/changeset/1132677nvdPatch
- www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3nvdThird Party Advisory
- wordpressa.quantika14.com/repository/index.phpnvdBroken Link
- github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rbnvdProduct
- wordpress.org/plugins/gi-media-library/nvdProduct
- wpscan.com/vulnerability/7754nvdBroken Link
News mentions
0No linked articles in our index yet.