WordPress Kish Guest Posting <= 1.2 Unrestricted File Upload Vulnerability

Description:

The Kish Guest Posting Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the plugin uses the uploadify.php script, which does not properly verify or sanitize user-uploaded files.

References:

Disclosure Date:

January 23, 2012