- Multiple vendor applications use FCKeditor, which includes functionality for file uploads and file management. A remote attacker could use this functionality to upload malicious executable files to the system. To test file upload capabilities, Acunetix created a file named Acunetix_WVS_File_Upload_test.txt on the server.
- Disable the file upload functionality in FCKeditor if it is not required.
- WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2)
- WordPress Plugin Mobile App Native (Make a mobile app-Native iPhone & Android Mobile App FREE) Arbitrary File Upload (3.0)
- FTP anonymous writable directories
- WordPress Plugin SB Uploader Arbitrary File Upload (3.2)
- WordPress Plugin VideoWhisper Video Conference Integration Arbitrary File Upload (4.91.8)