WordPress Kish Guest Posting <= 1.2 Unrestricted File Upload Vulnerability

Description:

The Kish Guest Posting Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the plugin uses the uploadify.php script, which does not properly verify or sanitize user-uploaded files.

References:

• CVE-2012-5318
• CVE-2012-1125
• BID-51638
• EDB-18412

Disclosure Date:

January 23, 2012