{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93478?format=json","vulnerability_id":"VCID-15kp-b7du-1fgc","summary":"","aliases":[{"alias":"CVE-2015-10137"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-10137","reference_id":"","reference_type":"","scores":[{"value":"0.79206","scoring_system":"epss","scoring_elements":"0.9909","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-10137"},{"reference_url":"https://packetstormsecurity.com/files/131413/","reference_id":"131413","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://packetstormsecurity.com/files/131413/"},{"reference_url":"https://packetstormsecurity.com/files/131514/","reference_id":"131514","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://packetstormsecurity.com/files/131514/"},{"reference_url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8395e0c4-3feb-4551-9f2f-7b80cd187eca?source=cve","reference_id":"8395e0c4-3feb-4551-9f2f-7b80cd187eca?source=cve","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8395e0c4-3feb-4551-9f2f-7b80cd187eca?source=cve"},{"reference_url":"https://plugins.trac.wordpress.org/browser/website-contact-form-with-file-upload/trunk/readme.txt","reference_id":"readme.txt","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://plugins.trac.wordpress.org/browser/website-contact-form-with-file-upload/trunk/readme.txt"},{"reference_url":"https://plugins.trac.wordpress.org/browser/website-contact-form-with-file-upload/trunk/readme.txt#L147","reference_id":"readme.txt#L147","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://plugins.trac.wordpress.org/browser/website-contact-form-with-file-upload/trunk/readme.txt#L147"},{"reference_url":"https://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/","reference_id":"wordpress-n-media-website-contact-form-shell-upload","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/"},{"reference_url":"https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-website-contact-form-with-file-upload-arbitrary-file-upload-1-3-4/","reference_id":"wordpress-plugin-n-media-website-contact-form-with-file-upload-arbitrary-file-upload-1-3-4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T19:49:20Z/"}],"url":"https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-website-contact-form-with-file-upload-arbitrary-file-upload-1-3-4/"}],"weaknesses":[{"cwe_id":434,"name":"Unrestricted Upload of File with Dangerous Type","description":"The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment."}],"exploits":[{"date_added":null,"description":"This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form\n          plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2015-04-12","exploit_type":null,"platform":"PHP","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/wp_nmediawebsite_file_upload.rb"}],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15kp-b7du-1fgc"}