Basic Contact Form <= 1.0.3 - Potential Unauthenticated Shell Upload

Uploading attachments in the contact form allows to run any kind of PHP code depending on the server config. The issue is related to this https://www.exploit-db.com/exploits/10089/ one. Explanation there will help to understand the problem. Following code is part of the function...

WP Symposium <= 14.11 - Unauthenticated Shell Upload

The wp-symposium WordPress plugin was affected by an Unauthenticated Shell Upload security vulnerability...

Wordpress wpDataTables 1.5.3 shell Upload Exploit

The wordpress premium plugin wpDataTables 1.5.3 and below suffers from Unauthenticated Shell Upload Vulnerability !/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit...

Barclaycart - Unauthenticated Shell Upload

The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency. This issue has been seen exploited in the wild. PoC "@$uploadfile",...