CVE-2012-3576

Name of the Vulnerable Software and Affected Versions wpStoreCart plugin versions prior to 2.5.30

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the php/upload.php endpoint, and then accessing it via a direct request to the file in uploads/wpstorecart.

Recommendations For versions prior to 2.5.30, update to version 2.5.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the php/upload.php endpoint to prevent unauthorized file uploads until the update is applied.