This host is installed with Wordpress Uploader plugin and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and compromise a vulnerable system. Impact Level: Application

No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://wordpress.org/plugins/uploader

Flaws are due to, - Input passed via the 'blog' GET parameter to notify.php is not properly sanitised before being returned to the user. - The uploadify.php script allows the upload of files with arbitrary extensions to a folder inside the webroot.

WordPress Uploader Plugin 1.0.4, Other versions may also be affected.

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://secunia.com/advisories/52465
• https://www.dognaedis.com/vulns/DGS-SEC-16.html

---

Updated on 2017-03-28