Unrated severityNVD Advisory· Published Jul 25, 2025· Updated Apr 8, 2026

Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2015-10144

Description

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.

Affected products

nik00726/Thumbnail carousel sliderv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2015080170mitre
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rbmitre
www.acunetix.com/vulnerabilities/web/wordpress-plugin-thumbnail-carousel-slider-arbitrary-file-upload-1-0/mitre
www.exploit-db.com/exploits/37998mitre
www.wordfence.com/threat-intel/vulnerabilities/id/6c396ae6-d34c-4554-b670-28868dc136a5mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000