CVE-2013-5962: Medium severity Envato Complete Gallery Manager plugin vulnerability

Published Sep 30, 2013

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.

Affected Software

24 affected components
Envato Complete Gallery Manager Plugin<=3.3.3
Envato Complete Gallery Manager Plugin=1.0.0-rev25273
Envato Complete Gallery Manager Plugin=1.0.1-rev25421
Envato Complete Gallery Manager Plugin=1.0.2-rev25487
Envato Complete Gallery Manager Plugin=2.0.0-rev27524
Envato Complete Gallery Manager Plugin=2.0.1-rev27876
Envato Complete Gallery Manager Plugin=2.0.2-rev28693
Envato Complete Gallery Manager Plugin=2.0.3-rev28734
Envato Complete Gallery Manager Plugin=3.0.0-rev29469
Envato Complete Gallery Manager Plugin=3.0.1-rev29536
Envato Complete Gallery Manager Plugin=3.1.0-rev30003
Envato Complete Gallery Manager Plugin=3.1.1-rev30900
Envato Complete Gallery Manager Plugin=3.2.0-rev31030
Envato Complete Gallery Manager Plugin=3.2.1-rev33197
Envato Complete Gallery Manager Plugin=3.2.2-rev33971
Envato Complete Gallery Manager Plugin=3.2.3-rev34390
Envato Complete Gallery Manager Plugin=3.2.4-rev34757
Envato Complete Gallery Manager Plugin=3.2.5-rev34942
Envato Complete Gallery Manager Plugin=3.2.6-rev36235
Envato Complete Gallery Manager Plugin=3.2.7-rev36257
Envato Complete Gallery Manager Plugin=3.2.8-rev36369
Envato Complete Gallery Manager Plugin=3.3.0-rev36620
Envato Complete Gallery Manager Plugin=3.3.1-rev38906
Envato Complete Gallery Manager Plugin=3.3.2-rev39009

Event History

Sep 30, 2013
CVE Published
via MITRE·04:00 PM
Data Sourced
via MITRE·04:00 PM
Description

Frequently Asked Questions

1. What is the severity of CVE-2013-5962?

CVE-2013-5962 is considered a critical vulnerability due to its potential for remote code execution.

2. How do I fix CVE-2013-5962?

To fix CVE-2013-5962, update the Complete Gallery Manager plugin to version 3.3.4 or newer.

3. What types of files can be uploaded leveraging CVE-2013-5962?

CVE-2013-5962 allows attackers to upload files with executable extensions, potentially leading to malicious code execution.

4. Which versions of the Complete Gallery Manager plugin are affected by CVE-2013-5962?

CVE-2013-5962 affects versions of the Complete Gallery Manager plugin prior to 3.3.4, including earlier revisions.

5. Who can exploit CVE-2013-5962?

Remote attackers can exploit CVE-2013-5962 without authentication, making it particularly dangerous.

© 2026 SecAlerts Pty Ltd.