pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

3 Free AI Intelligence Analyses

Get the full picture on any CVE — kill chain diagrams, exploit sequences, technical breakdowns, and key risks. No credit card required.

• Full AI intelligence brief on any vulnerability
• Kill chain & exploit sequence diagrams
• Key risks & affected systems analysis
• 3 analyses free — no card needed