CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 1CVE-2013-1916 – User Photo <= 0.9.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved. En el plugin User Photo de WordPress 0.9.4, cuando es subida una foto, sólo es comprobada parcialmente y es posible cargar una puerta trasera en el servidor que aloja WordPress. Este backdoor puede ser llamado (ejecutado) incluso si la foto aún no ha sido aprobada • https://www.exploit-db.com/exploits/16181 https://plugins.trac.wordpress.org/changeset/347137 https://wordpress.org/plugins/user-photo/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type •