CVE-2017-1002016 – flickr-picture-backup <= 0.7 - Arbitrary file upload

https://notcve.org/view.php?id=CVE-2017-1002016

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. Existe una vulnerabilidad en el plugin flickr-picture-backup v0.7 de WordPress. El código en flickr-picture-download.php no verifica si el usuario está autenticado o tiene permisos para subir archivos. • http://www.vapidlabs.com/advisory.php?v=190 https://wordpress.org/plugins/flickr-picture-backup • CWE-434: Unrestricted Upload of File with Dangerous Type •