Unrated severityNVD Advisory· Published May 28, 2015· Updated May 6, 2026

CVE-2015-4133

Description

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.

Affected products

Reflex Gallery Project/Reflex Gallery
cpe:2.3:a:reflex_gallery_project:reflex_gallery:*:*:*:*:*:wordpress:*:*
Range: <=3.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/reflex-gallery/changelog/nvdPatch
packetstormsecurity.com/files/130845/nvdExploit
packetstormsecurity.com/files/131515/nvdExploit
www.exploit-db.com/exploits/36809/nvdExploit
osvdb.org/show/osvdb/88853nvd
www.securityfocus.com/bid/57100nvd
wpvulndb.com/vulnerabilities/7867nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.060
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000