Description
WordPress Plugin LOGOSWARE SUITE Uploader is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin LOGOSWARE SUITE Uploader version 1.1.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
Related Vulnerabilities
Django Improper Input Validation Vulnerability (CVE-2014-0480)
WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258)
PleskLin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0132)
WordPress Plugin WP Super Cache Remote Code Execution (1.7.1)
Oracle Database Server CVE-2012-0072 Vulnerability (CVE-2012-0072)