PT-2022-7729 · WordPress · User Photo
Advtools
·
Published
2022-06-24
·
Updated
2022-07-07
·
CVE-2013-1916
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WordPress Plugin User Photo version 0.9.4
Description
The issue allows an attacker to upload a backdoor to the server hosting WordPress by exploiting the partial validation of uploaded photos. This backdoor can be executed even before the uploaded photo is approved.
Recommendations
For WordPress Plugin User Photo version 0.9.4, update to a newer version that contains a fix for this issue to prevent the upload of malicious backdoors.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
User Photo