CVE-2013-5962

Name of the Vulnerable Software and Affected Versions Complete Gallery Manager plugin versions prior to 3.3.4 rev40279

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the /frames/upload-images.php endpoint, and then accessing it via a direct request to the file in wp-content/[year]/[month]/.

Recommendations For versions prior to 3.3.4 rev40279, update to version 3.3.4 rev40279 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload-images.php file in the frames directory to minimize the risk of exploitation.