CVE-2014-5460

Name of the Vulnerable Software and Affected Versions Tribulant Slideshow Gallery plugin versions prior to 1.4.7

Description The issue allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. This is due to an unrestricted file upload vulnerability.

Recommendations For versions prior to 1.4.7, update to version 1.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-content/uploads/slideshow-gallery/ directory to prevent direct requests to uploaded files.