Unrated severityNVD Advisory· Published Aug 18, 2015· Updated Jun 17, 2026
CVE-2015-5681
CVE-2015-5681
Description
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:wpslideshow:powerplay_gallery:3.3:*:*:*:*:wordpress:*:*
- Range: <=3.3
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.htmlnvdExploit
- seclists.org/fulldisclosure/2015/Jul/64nvdExploit
- www.openwall.com/lists/oss-security/2015/07/20/1nvdExploit
- www.openwall.com/lists/oss-security/2015/07/27/8nvdExploit
- www.vapid.dhs.org/advisory.phpnvdExploit
News mentions
0No linked articles in our index yet.