Description
jQuery File Upload is a file upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery.
A change in Apache's Web Server security setting handling exposed users of this plugin to an unrestricted file upload flaw.
Remediation
Upgrade to the latest version of jQuery File Upload. This vulnerability was fixed in jQuery File Upload v9.22.1
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Gift Cards Premium Arbitrary File Upload (3.19.0)
WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2)
Telerik Web UI Insecure Direct Object Reference
WordPress Plugin PHP Analytics Arbitrary File Upload (1.0.0.2)
WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58)