VYPR
Vendor

Pixabay Images Project

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2025-4413HigJun 18, 2025
    risk 0.57cvss 8.8epss 0.01

    The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above,…

  • CVE-2015-1376Jan 28, 2015
    risk 0.06cvss epss 0.34

    pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

  • CVE-2015-1375Jan 28, 2015
    risk 0.04cvss epss 0.12

    pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

  • CVE-2015-1365Jan 27, 2015
    risk 0.04cvss epss 0.13

    Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.

  • CVE-2015-1366Jan 27, 2015
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.