Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1) - Vulnerability Database

WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)

Description

WordPress Plugin Video Embed & Thumbnail Generator is prone to multiple remote code execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the affected webserver process. WordPress Plugin Video Embed & Thumbnail Generator version 1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0 or latest

References

http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924
http://secunia.com/advisories/48087/

Related Vulnerabilities

WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1) High
Common tags: Missing Update Code Execution
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) High
Common tags: Missing Update Code Execution
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40) High
Common tags: Missing Update Code Execution
WordPress Plugin Divi Builder PHP Code Injection (4.0.9) High
Common tags: Missing Update Code Execution
WordPress Plugin Backup Migration Remote Code Execution (1.3.7) High
Common tags: Missing Update Code Execution

Severity

High

Classification

CVE-2012-1785
CWE-20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update
Code Execution