Description
WordPress Plugin Ruben Boelinger wordTube is prone to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Ruben Boelinger wordTube version 1.43 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.44 or latest
References
http://www.securityfocus.com/bid/23737/exploit
http://www.securityfocus.com/archive/1/467362
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Vulnerabilities (2.0.77)
WordPress Plugin Flip Book 'php.php' Arbitrary File Upload (1.0)
WordPress Plugin Mass Pages/Posts Creator Cross-Site Scripting (1.2.2)
WordPress Plugin WPshop-eCommerce Arbitrary File Upload (1.3.9.5)
WordPress Plugin WP Customer Area Cross-Site Scripting (7.4.2)