CVE-2012-3578

Name of the Vulnerable Software and Affected Versions FCChat Widget plugin versions 2.2.13.1 and earlier for WordPress

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.

Recommendations For FCChat Widget plugin versions 2.2.13.1 and earlier, consider disabling the file upload functionality in html/Upload.php until a patch is available. Restrict access to the html/images directory to minimize the risk of exploitation. Avoid using the file upload feature in the affected plugin until the issue is resolved.