WordPress · Complete Gallery Manager · CVE-2013-5962
**Name of the Vulnerable Software and Affected Versions**
Complete Gallery Manager plugin versions prior to 3.3.4 rev40279
**Description**
The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `/frames/upload-images.php` endpoint, and then accessing it via a direct request to the file in `wp-content/[year]/[month]/`.
**Recommendations**
For versions prior to 3.3.4 rev40279, update to version 3.3.4 rev40279 or later to resolve the issue. As a temporary workaround, consider restricting access to the `upload-images.php` file in the `frames` directory to minimize the risk of exploitation.