CVE-2013-5962
CVE-2013-5962 is a medium-severity vulnerability in Envato Complete Gallery Manager Plugin with a CVSS 2.0 base score of 5.1. Its EPSS exploit-prediction score of 15% places it in the 96th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.1)
- EPSS exploit prediction: 15% (96th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Envato Complete Gallery Manager Plugin
- Published:
- Last modified:
Description
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
Frequently asked questions
- What is CVE-2013-5962?
- Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
- How severe is CVE-2013-5962?
- CVE-2013-5962 has a CVSS 2.0 base score of 5.1, rated medium severity.
- Is CVE-2013-5962 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 15% (96th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-5962?
- CVE-2013-5962 primarily affects Envato Complete Gallery Manager Plugin. In total, 24 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-5962?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2013-5962 published?
- CVE-2013-5962 was published on 2013-09-30 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/bugtraq/2013-09/0090.html
- http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606
- http://packetstormsecurity.com/files/123303
- http://secunia.com/advisories/54894
- http://www.exploit-db.com/exploits/28377
- http://www.vulnerability-lab.com/get_content.php?id=1080
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87172
Affected products (24)
- cpe:2.3:a:envato:complete_gallery_manager_plugin:*:rev39177:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:1.0.0:rev25273:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:1.0.1:rev25421:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:1.0.2:rev25487:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.0:rev27524:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.1:rev27876:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.2:rev28693:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.3:rev28734:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.0.0:rev29469:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.0.1:rev29536:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.1.0:rev30003:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.1.1:rev30900:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.0:rev31030:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.1:rev33197:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.2:rev33971:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.3:rev34390:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.4:rev34757:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.5:rev34942:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.6:rev36235:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.7:rev36257:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.8:rev36369:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.0:rev36620:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.1:rev38906:*:*:*:*:*:*
- cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.2:rev39009:*:*:*:*:*:*