ThreatPress

WordPress Vulnerabilities Database

WordPress Kish Guest Posting Plugin <= 1.2 - Unrestricted File Upload

Product
Kish Guest Posting
Description
An unrestricted file upload vulnerability in uploadify/scripts/uploadify.php allows attackers to execute arbitrary code by uploading a file with a double extension and then accessing it via a direct request to the file in the directory specified by the "folder" parameter.
Solution
Update the plugin.
Classification
Type: Arbitrary File Upload
References
CVE Mitre
CVE
Name: CVE-2012-5318
Versions
Affected In: <= 1.2
Fixed In: 1.3
Disclosure date
2012-10-08
Credits
EgiX