WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload

2015-11-09T00:00:00
ID WPVDB-ID:8226
Type wpvulndb
Reporter Garth Mortensen
Modified 2019-11-28T00:00:00

Description

WordPress Vulnerability - WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload

PoC

1. Install wp-file-upload on a WordPress site and activate it. 2. Create an upload form on a page. 3. Create a file named payload.php.....jpg with the contents