ThreatPress

WordPress Vulnerabilities Database

Back

WordPress N-Media file uploader Plugin <= 3.3 - Unrestricted File Upload

Product
N-Media File Uploader
Description
Because of this vulnerability, authenticated users can execute arbitrary PHP code by leveraging Author privileges to store a file.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2014-5324
Versions
Affected In <= 3.3
Fixed In 3.4
Disclosure date
2014-08-18
Credits
Yuji Tounai