Vulnerability Report

CVE-2014-5460

RCE

Title: Tribulant Tibulant Slideshow Gallery RCE

RCE

Proof Of Concept

PoC Available for CVE-2014-5460

CWE Category CWE-20

Published Date Sep 11, 2014

Modified Date Jun 17, 2026

Exploit Status Available

Score 6.5 CVSS v2.0

Exploit Probability (EPSS)

70.89%

Vulnerability Summary

CVE-2014-5460: Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

Impacted Vendors

tribulant 1

Reference Links

http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html http://secunia.com/advisories/60074 http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html http://www.exploit-db.com/exploits/34514 http://www.exploit-db.com/exploits/34681 http://www.securityfocus.com/archive/1/533281/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/95676 https://wordpress.org/plugins/slideshow-gallery/changelog http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html http://secunia.com/advisories/60074 http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html http://www.exploit-db.com/exploits/34514 http://www.exploit-db.com/exploits/34681 http://www.securityfocus.com/archive/1/533281/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/95676 https://wordpress.org/plugins/slideshow-gallery/changelog

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

6.5

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:S/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2014-5460 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/34681

View Code

Exploit-DB https://www.exploit-db.com/exploits/34514

View Code

June 17, 2026 MODIFIED

Vulnerability data updated via NVD.

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

April 12, 2025 MODIFIED

Vulnerability data or affected products updated.

September 11, 2014 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected Stack

No specific products linked.