Description
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Clean Login Unspecified Vulnerability (1.8)
WordPress Plugin Rockhoist Badges Cross-Site Scripting (1.2.2)
Joomla! Core 3.4.x Cross-Site Scripting (3.4.0 - 3.4.3)
Ruby on Rails CVE-2021-22902 Vulnerability (CVE-2021-22902)
WordPress Plugin Add-on SweetAlert Contact Form 7 Unspecified Vulnerability (1.0.7)