PHP does not perform proper bounds checking on in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, this problem occurs in the functions which are used to decode MIME encoded files. As a result, it may be possible to overrun the buffer used for the vulnerable functions to cause arbitrary attacker-supplied instructions to be executed.
Affected PHP versions (up to 4.1.1).
Upgrade PHP to the latest version.
WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)
WordPress Plugin Erident Custom Login and Dashboard Cross-Site Scripting (3.5.8)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.23)
WordPress Plugin ShareThis:Free Sharing Buttons and Tools Cross-Site Request Forgery (7.0.5)
WordPress Plugin YITH WooCommerce Mailchimp Security Bypass (2.1.3)