ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Grapefile Plugin <= 1.1 - Arbitrary File Upload

Product
Grapefile
Description
WordPress Grapefile plugin is prone to a vulnerability which allows attackers to upload arbitrary files. This is because it fails to adequately clean up user-supplied input. In this way, the attackers can use this vulnerability to upload an arbitrary code and then run it in the context of the webserver process.
Solution
Update the plugin.
Classification
Type Arbitrary File Upload
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.1
Fixed In 1.2
Disclosure date
2011-08-31
Credits
Hrvoje Spoljar