Uploader Plugin

Name: Uploader
Type: XSS + File Inclusion
Exploit version: 1.0.4
Release Date: 03-05-2013
Status: Uploader has not been patched yet.  •

Description:
1) Input passed via the "blog" GET parameter to wp-content/plugins/uploader/views/notify.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) The wp-content/plugins/uploader/uploadify/uploadify.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.



Plugin Information

  1. Downloaded: 4819 Times
  2. Current Version: 1.0.4
  3. Author: Profile
  4. Tested up to: 3.4.2
  5. Download Plugin

Security Information

  1. Secunia ID: 52465
  2. Credit: Dognaedis
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository