CVE-2012-3577

Name of the Vulnerable Software and Affected Versions Nmedia Member Conversation plugin versions prior to 1.4

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the doupload.php file, and then accessing it via a direct request to the file in wp-content/uploads/user uploads.

Recommendations For versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the doupload.php file to prevent unauthorized file uploads.