{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T07:09:15.481","vulnerabilities":[{"cve":{"id":"CVE-2015-10136","sourceIdentifier":"security@wordfence.com","published":"2025-07-19T10:15:23.773","lastModified":"2025-12-16T16:40:40.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."},{"lang":"es","value":"El complemento GI-Media Library para WordPress es vulnerable a Directory Traversal en versiones anteriores a la 3.0 mediante el parámetro 'fileid'. Esto permite a atacantes no autenticados leer el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zishanj:gi-media-library:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"3.0","matchCriteriaId":"2A4E11E6-EA4D-463D-B825-CDD1B4680421"}]}]}],"references":[{"url":"http://wordpressa.quantika14.com/repository/index.php?id=24","source":"security@wordfence.com","tags":["Broken Link"]},{"url":"https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset/1132677","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://wordpress.org/plugins/gi-media-library/#developers","source":"security@wordfence.com","tags":["Product"]},{"url":"https://wpscan.com/vulnerability/7754","source":"security@wordfence.com","tags":["Broken Link"]},{"url":"https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file_read/","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}