Unrestricted File Upload in Kish Guest Posting for WordPress
CVE-2012-5318

Currently unrated

Key Information:

Vendor: Wordpress
Status: Kish Guest Posting Plugin
Vendor: CVE Published:; 8 October 2012

Summary

The Kish Guest Posting plugin for WordPress contains an unrestricted file upload vulnerability in the uploadify/scripts/uploadify.php file. This flaw allows attackers to upload malicious files with double extensions, enabling arbitrary code execution. The issue arises from an incomplete fix related to a previous vulnerability, exposing users to potential security breaches if exploited. Affected users should promptly update their plugin to mitigate this risk.

References

http://secunia.com/advisories/47688

third-party-advisoryx_refsource_SECUNIA

http://www.openwall.com/lists/oss-security/2012/03/08/1

mailing-listx_refsource_MLIST

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 8, 2012