Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26) - Vulnerability Database

WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26)

Description

WordPress Plugin WP Symposium is prone to multiple vulnerabilities that lets attackers upload arbitrary files. An attacker can exploit these vulnerabilities to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin WP Symposium version 11.11.26 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 11.12.24 or latest

References

http://1337day.com/exploits/18565
http://secunia.com/advisories/46097/

Related Vulnerabilities

WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin Hungred Post Thumbnail 'hpt_file_upload.php' Arbitrary File Upload (2.1.9) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin Katalyst TimThumb 'timthumb.php' Arbitrary File Upload (1.0) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin Advanced Custom Fields (ACF) Arbitrary File Upload (5.12.2) High
Common tags: Missing Update Unauthenticated File Upload

Severity

High

Classification

CVE-2011-5051
CWE-434
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update
Unauthenticated File Upload