cleantalk
Vulnerabilities and Security Researches

ReFlex Gallery » WordPress Photo Gallery, CVE-2015-4133

CVE, Research URL

CVE-2015-4133

Home page URL

Security reports for ReFlex Gallery » WordPress Photo Gallery

Application

ReFlex Gallery » WordPress Photo Gallery

Published on
May 28, 2015
Research Description
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.
Affected versions
Min -, max 3.1.4.
Status
vulnerable
Previous vulnerability researches
ReFlex Gallery » WordPress Photo Gallery (CVE-2015-4133) , Jun 06, 2024
ReFlex Gallery » WordPress Photo Gallery (CVE-2013-7482) , Jun 06, 2024
ReFlex Gallery » WordPress Photo Gallery (CVE-2013-6837) , Jun 06, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025