CVE-2014-4972

Name of the Vulnerable Software and Affected Versions Gravity Upload Ajax plugin versions 1.1 and earlier for WordPress

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity forms.

Recommendations For Gravity Upload Ajax plugin versions 1.1 and earlier, consider disabling the file upload functionality until a patch is available. Restrict access to the wp-content/uploads/gravity forms directory to minimize the risk of exploitation. Avoid using executable file extensions in uploads to prevent arbitrary code execution.