WordPress.wpStoreCart.Plugin.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in wpStoreCart Plugin for WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.
Affected Products
wpStoreCart Plugin for WordPress 2.5.27
wpStoreCart Plugin for WordPress 2.5.28
wpStoreCart Plugin for WordPress 2.5.29
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://plugins.trac.wordpress.org/changeset?old_path=%2Fwpstorecart&old=555124&new_path=%2Fwpstorecart&new=555124
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-02-01 | 14.540 | Name:Wordpress. wpStoreCart. Plugin. Arbitrary. File. Upload:WordPress. wpStoreCart. Plugin. Arbitrary. File. Upload |