CVE-2015-10136

moderate-risk
Published 2025-07-19

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Do I need to act?

!
54.7% chance of exploitation in next 30 days
EPSS score — higher than 45% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Zishanj

References (7)

Broken Link http://wordpressa.quantika14.com/repository/index.php?id=24
Product https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/w...
Patch https://plugins.trac.wordpress.org/changeset/1132677
Product https://wordpress.org/plugins/gi-media-library/#developers
Broken Link https://wpscan.com/vulnerability/7754
Third Party Advisory https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_gimedia_library_file...
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/2f80c3b9-5148-42eb-913...
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal