Unrestricted File Upload in Kish Guest Posting for WordPress
CVE-2012-5318

Currently unrated

Key Information:

Vendor

Wordpress
Status
Kish Guest Posting Plugin
Vendor
CVE Published:
8 October 2012

What is CVE-2012-5318?

The Kish Guest Posting plugin for WordPress contains an unrestricted file upload vulnerability in the uploadify/scripts/uploadify.php file. This flaw allows attackers to upload malicious files with double extensions, enabling arbitrary code execution. The issue arises from an incomplete fix related to a previous vulnerability, exposing users to potential security breaches if exploited. Affected users should promptly update their plugin to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/47688
third-party-advisoryx_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/03/08/1
mailing-listx_refsource_MLIST

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.