Advtools

**Name of the Vulnerable Software and Affected Versions** WordPress Plugin User Photo version 0.9.4 **Description** The issue allows an attacker to upload a backdoor to the server hosting WordPress by exploiting the partial validation of uploaded photos. This backdoor can be executed even before the uploaded photo is approved. **Recommendations** For WordPress Plugin User Photo version 0.9.4, update to a newer version that contains a fix for this issue to prevent the upload of malicious backdoors.