Critical severity9.8NVD Advisory· Published Oct 5, 2018· Updated Jun 17, 2026
CVE-2015-9272
CVE-2015-9272
Description
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 3.31.17+ 1 more
- (no CPE)range: = 3.31.17
- (no CPE)range: <=3.31.17
Patches
Vulnerability mechanics
References
2- www.vapidlabs.com/advisory.phpnvdExploitThird Party Advisory
- www.openwall.com/lists/oss-security/2015/04/01/2nvdExploitMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.