Description
WordPress Plugin ReFlex Gallery is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin ReFlex Gallery version 3.1.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.1.4 or latest
References
http://www.exploit-db.com/exploits/36374/
http://packetstormsecurity.com/files/130845/WordPress-Reflex-Gallery-3.1.3-Shell-Upload.html
https://github.com/googleinurl/Wordpress-Plugin-Reflex-Gallery-Arbitrary-File-Upload
http://packetstormsecurity.com/files/131515/WordPress-Reflex-Gallery-Upload.html
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)
WordPress Plugin One page checkout and layouts for woocommerce Unspecified Vulnerability (2.7)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.148)
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)