IRCAD2013123056
ID: IRCAD2013123056
Release Date: 2013-12-13
Criticality level: Highly critical
Software:
WordPress OptimizePress Plugin 1.x
Description:
A vulnerability has been reported in the OptimizePress plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the /wp-content/themes/OptimizePress/lib/admin/media-upload.php script improperly validating the extension of an uploaded file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
The vulnerability is reported in versions prior to 1.6.
Solution
Update to version 1.6.
References:
OptimizePress:
OSIRT:
Secunia:
http://secunia.com/advisories/55957/
نظرات