Pixabay Images
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4413 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 18, 2025 | The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above,… |
| CVE-2015-1376 | | | 0.06 | — | 0.34 | | Jan 28, 2015 | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. |
| CVE-2015-1375 | | | 0.04 | — | 0.12 | | Jan 28, 2015 | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. |
| CVE-2015-1365 | | | 0.04 | — | 0.13 | | Jan 27, 2015 | Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. |
| CVE-2015-1366 | | | 0.03 | — | 0.06 | | Jan 27, 2015 | Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. |