Because of this vulnerability in multi.php, the attackers can execute arbitrary code by uploading a file with an executable extension and after that accessing it via a direct request to the file in wp-content/uploads/wpdb/.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
simple dropbox upload | le | 1.8.8.0 |