{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T03:52:08.692","vulnerabilities":[{"cve":{"id":"CVE-2015-10144","sourceIdentifier":"security@wordfence.com","published":"2025-07-25T03:15:32.463","lastModified":"2025-12-16T14:57:31.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the image uploader in versions up to and including 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server using a double extension, which may make remote code execution possible."},{"lang":"es","value":"El complemento Responsive Thumbnail Slider para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de depuración del tipo de archivo en el cargador de imágenes en versiones hasta la 1.0.1 inclusive. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor de los sitios afectados mediante una extensión doble, lo que podría posibilitar la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:i13websolution:thumbnail_carousel_slider:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.0.1","matchCriteriaId":"CB2B930B-D292-4ED3-9098-8EB8892C3AEB"}]}]}],"references":[{"url":"https://cxsecurity.com/issue/WLB-2015080170","source":"security@wordfence.com","tags":["Exploit"]},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rb","source":"security@wordfence.com","tags":["Exploit"]},{"url":"https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-thumbnail-carousel-slider-arbitrary-file-upload-1-0/","source":"security@wordfence.com","tags":["Technical Description"]},{"url":"https://www.exploit-db.com/exploits/37998","source":"security@wordfence.com","tags":["Exploit"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6c396ae6-d34c-4554-b670-28868dc136a5?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}