WordPress Kish Guest Posting <= 1.2 Unrestricted File Upload Vulnerability


The Kish Guest Posting Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the plugin uses the uploadify.php script, which does not properly verify or sanitize user-uploaded files.


Disclosure Date:

January 23, 2012