ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Social Media Widget Plugin <= 4.0 - Remote File Inclusion

Product
Social Media Widget
Description
This plugin contains a Trojan Horse, which allows the attackers to force the upload of arbitrary files.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2013-1949
Versions
Affected In <= 4.0
Fixed In 4.1
Disclosure date
2013-02-19
Credits
Kurt Seifried